From fc41f21c1ceae5638386f30a40719eb2b8aab478 Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Tue, 18 Sep 2018 10:40:15 -0700 Subject: [PATCH 01/10] Change ms.localizationpriority to none --- .../auditing/advanced-security-audit-policy-settings.md | 2 +- .../auditing/advanced-security-auditing-faq.md | 2 +- .../threat-protection/auditing/advanced-security-auditing.md | 2 +- ...security-monitoring-recommendations-for-many-audit-events.md | 2 +- .../auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md | 2 +- .../threat-protection/auditing/audit-account-lockout.md | 2 +- .../threat-protection/auditing/audit-application-generated.md | 2 +- .../auditing/audit-application-group-management.md | 2 +- .../threat-protection/auditing/audit-audit-policy-change.md | 2 +- .../auditing/audit-authentication-policy-change.md | 2 +- .../auditing/audit-authorization-policy-change.md | 2 +- .../auditing/audit-central-access-policy-staging.md | 2 +- .../threat-protection/auditing/audit-certification-services.md | 2 +- .../auditing/audit-computer-account-management.md | 2 +- .../threat-protection/auditing/audit-credential-validation.md | 2 +- .../auditing/audit-detailed-directory-service-replication.md | 2 +- .../threat-protection/auditing/audit-detailed-file-share.md | 2 +- .../auditing/audit-directory-service-access.md | 2 +- .../auditing/audit-directory-service-changes.md | 2 +- .../auditing/audit-directory-service-replication.md | 2 +- .../auditing/audit-distribution-group-management.md | 2 +- .../security/threat-protection/auditing/audit-dpapi-activity.md | 2 +- windows/security/threat-protection/auditing/audit-file-share.md | 2 +- .../security/threat-protection/auditing/audit-file-system.md | 2 +- .../auditing/audit-filtering-platform-connection.md | 2 +- .../auditing/audit-filtering-platform-packet-drop.md | 2 +- .../auditing/audit-filtering-platform-policy-change.md | 2 +- .../threat-protection/auditing/audit-group-membership.md | 2 +- .../threat-protection/auditing/audit-handle-manipulation.md | 2 +- .../security/threat-protection/auditing/audit-ipsec-driver.md | 2 +- .../threat-protection/auditing/audit-ipsec-extended-mode.md | 2 +- .../threat-protection/auditing/audit-ipsec-main-mode.md | 2 +- .../threat-protection/auditing/audit-ipsec-quick-mode.md | 2 +- .../auditing/audit-kerberos-authentication-service.md | 2 +- .../auditing/audit-kerberos-service-ticket-operations.md | 2 +- .../security/threat-protection/auditing/audit-kernel-object.md | 2 +- windows/security/threat-protection/auditing/audit-logoff.md | 2 +- windows/security/threat-protection/auditing/audit-logon.md | 2 +- .../auditing/audit-mpssvc-rule-level-policy-change.md | 2 +- .../threat-protection/auditing/audit-network-policy-server.md | 2 +- .../auditing/audit-non-sensitive-privilege-use.md | 2 +- .../auditing/audit-other-account-logon-events.md | 2 +- .../auditing/audit-other-account-management-events.md | 2 +- .../auditing/audit-other-logonlogoff-events.md | 2 +- .../auditing/audit-other-object-access-events.md | 2 +- .../auditing/audit-other-policy-change-events.md | 2 +- .../auditing/audit-other-privilege-use-events.md | 2 +- .../threat-protection/auditing/audit-other-system-events.md | 2 +- .../security/threat-protection/auditing/audit-pnp-activity.md | 2 +- .../threat-protection/auditing/audit-process-creation.md | 2 +- .../threat-protection/auditing/audit-process-termination.md | 2 +- windows/security/threat-protection/auditing/audit-registry.md | 2 +- .../threat-protection/auditing/audit-removable-storage.md | 2 +- windows/security/threat-protection/auditing/audit-rpc-events.md | 2 +- windows/security/threat-protection/auditing/audit-sam.md | 2 +- .../auditing/audit-security-group-management.md | 2 +- .../threat-protection/auditing/audit-security-state-change.md | 2 +- .../auditing/audit-security-system-extension.md | 2 +- .../threat-protection/auditing/audit-sensitive-privilege-use.md | 2 +- .../security/threat-protection/auditing/audit-special-logon.md | 2 +- .../threat-protection/auditing/audit-system-integrity.md | 2 +- .../threat-protection/auditing/audit-user-account-management.md | 2 +- .../threat-protection/auditing/audit-user-device-claims.md | 2 +- .../auditing/basic-audit-account-logon-events.md | 2 +- .../auditing/basic-audit-account-management.md | 2 +- .../auditing/basic-audit-directory-service-access.md | 2 +- .../threat-protection/auditing/basic-audit-logon-events.md | 2 +- .../threat-protection/auditing/basic-audit-object-access.md | 2 +- .../threat-protection/auditing/basic-audit-policy-change.md | 2 +- .../threat-protection/auditing/basic-audit-privilege-use.md | 2 +- .../threat-protection/auditing/basic-audit-process-tracking.md | 2 +- .../threat-protection/auditing/basic-audit-system-events.md | 2 +- .../threat-protection/auditing/basic-security-audit-policies.md | 2 +- .../auditing/basic-security-audit-policy-settings.md | 2 +- ...reate-a-basic-audit-policy-settings-for-an-event-category.md | 2 +- windows/security/threat-protection/auditing/event-1100.md | 2 +- windows/security/threat-protection/auditing/event-1102.md | 2 +- windows/security/threat-protection/auditing/event-1104.md | 2 +- windows/security/threat-protection/auditing/event-1105.md | 2 +- windows/security/threat-protection/auditing/event-1108.md | 2 +- windows/security/threat-protection/auditing/event-4608.md | 2 +- windows/security/threat-protection/auditing/event-4610.md | 2 +- windows/security/threat-protection/auditing/event-4611.md | 2 +- windows/security/threat-protection/auditing/event-4612.md | 2 +- windows/security/threat-protection/auditing/event-4614.md | 2 +- windows/security/threat-protection/auditing/event-4615.md | 2 +- windows/security/threat-protection/auditing/event-4616.md | 2 +- windows/security/threat-protection/auditing/event-4618.md | 2 +- windows/security/threat-protection/auditing/event-4621.md | 2 +- windows/security/threat-protection/auditing/event-4622.md | 2 +- windows/security/threat-protection/auditing/event-4624.md | 2 +- windows/security/threat-protection/auditing/event-4625.md | 2 +- windows/security/threat-protection/auditing/event-4626.md | 2 +- windows/security/threat-protection/auditing/event-4627.md | 2 +- windows/security/threat-protection/auditing/event-4634.md | 2 +- windows/security/threat-protection/auditing/event-4647.md | 2 +- windows/security/threat-protection/auditing/event-4648.md | 2 +- windows/security/threat-protection/auditing/event-4649.md | 2 +- windows/security/threat-protection/auditing/event-4656.md | 2 +- windows/security/threat-protection/auditing/event-4657.md | 2 +- windows/security/threat-protection/auditing/event-4658.md | 2 +- windows/security/threat-protection/auditing/event-4660.md | 2 +- windows/security/threat-protection/auditing/event-4661.md | 2 +- windows/security/threat-protection/auditing/event-4662.md | 2 +- windows/security/threat-protection/auditing/event-4663.md | 2 +- windows/security/threat-protection/auditing/event-4664.md | 2 +- windows/security/threat-protection/auditing/event-4670.md | 2 +- windows/security/threat-protection/auditing/event-4671.md | 2 +- windows/security/threat-protection/auditing/event-4672.md | 2 +- windows/security/threat-protection/auditing/event-4673.md | 2 +- windows/security/threat-protection/auditing/event-4674.md | 2 +- windows/security/threat-protection/auditing/event-4675.md | 2 +- windows/security/threat-protection/auditing/event-4688.md | 2 +- windows/security/threat-protection/auditing/event-4689.md | 2 +- windows/security/threat-protection/auditing/event-4690.md | 2 +- windows/security/threat-protection/auditing/event-4691.md | 2 +- windows/security/threat-protection/auditing/event-4692.md | 2 +- windows/security/threat-protection/auditing/event-4693.md | 2 +- windows/security/threat-protection/auditing/event-4694.md | 2 +- windows/security/threat-protection/auditing/event-4695.md | 2 +- windows/security/threat-protection/auditing/event-4696.md | 2 +- windows/security/threat-protection/auditing/event-4697.md | 2 +- windows/security/threat-protection/auditing/event-4698.md | 2 +- windows/security/threat-protection/auditing/event-4699.md | 2 +- windows/security/threat-protection/auditing/event-4700.md | 2 +- windows/security/threat-protection/auditing/event-4701.md | 2 +- windows/security/threat-protection/auditing/event-4702.md | 2 +- windows/security/threat-protection/auditing/event-4703.md | 2 +- windows/security/threat-protection/auditing/event-4704.md | 2 +- windows/security/threat-protection/auditing/event-4705.md | 2 +- windows/security/threat-protection/auditing/event-4706.md | 2 +- windows/security/threat-protection/auditing/event-4707.md | 2 +- windows/security/threat-protection/auditing/event-4713.md | 2 +- windows/security/threat-protection/auditing/event-4714.md | 2 +- windows/security/threat-protection/auditing/event-4715.md | 2 +- windows/security/threat-protection/auditing/event-4716.md | 2 +- windows/security/threat-protection/auditing/event-4717.md | 2 +- windows/security/threat-protection/auditing/event-4718.md | 2 +- windows/security/threat-protection/auditing/event-4719.md | 2 +- windows/security/threat-protection/auditing/event-4720.md | 2 +- windows/security/threat-protection/auditing/event-4722.md | 2 +- windows/security/threat-protection/auditing/event-4723.md | 2 +- windows/security/threat-protection/auditing/event-4724.md | 2 +- windows/security/threat-protection/auditing/event-4725.md | 2 +- windows/security/threat-protection/auditing/event-4726.md | 2 +- windows/security/threat-protection/auditing/event-4731.md | 2 +- windows/security/threat-protection/auditing/event-4732.md | 2 +- windows/security/threat-protection/auditing/event-4733.md | 2 +- windows/security/threat-protection/auditing/event-4734.md | 2 +- windows/security/threat-protection/auditing/event-4735.md | 2 +- windows/security/threat-protection/auditing/event-4738.md | 2 +- windows/security/threat-protection/auditing/event-4739.md | 2 +- windows/security/threat-protection/auditing/event-4740.md | 2 +- windows/security/threat-protection/auditing/event-4741.md | 2 +- windows/security/threat-protection/auditing/event-4742.md | 2 +- windows/security/threat-protection/auditing/event-4743.md | 2 +- windows/security/threat-protection/auditing/event-4749.md | 2 +- windows/security/threat-protection/auditing/event-4750.md | 2 +- windows/security/threat-protection/auditing/event-4751.md | 2 +- windows/security/threat-protection/auditing/event-4752.md | 2 +- windows/security/threat-protection/auditing/event-4753.md | 2 +- windows/security/threat-protection/auditing/event-4764.md | 2 +- windows/security/threat-protection/auditing/event-4765.md | 2 +- windows/security/threat-protection/auditing/event-4766.md | 2 +- windows/security/threat-protection/auditing/event-4767.md | 2 +- windows/security/threat-protection/auditing/event-4768.md | 2 +- windows/security/threat-protection/auditing/event-4769.md | 2 +- windows/security/threat-protection/auditing/event-4770.md | 2 +- windows/security/threat-protection/auditing/event-4771.md | 2 +- windows/security/threat-protection/auditing/event-4772.md | 2 +- windows/security/threat-protection/auditing/event-4773.md | 2 +- windows/security/threat-protection/auditing/event-4774.md | 2 +- windows/security/threat-protection/auditing/event-4775.md | 2 +- windows/security/threat-protection/auditing/event-4776.md | 2 +- windows/security/threat-protection/auditing/event-4777.md | 2 +- windows/security/threat-protection/auditing/event-4778.md | 2 +- windows/security/threat-protection/auditing/event-4779.md | 2 +- windows/security/threat-protection/auditing/event-4780.md | 2 +- windows/security/threat-protection/auditing/event-4781.md | 2 +- windows/security/threat-protection/auditing/event-4782.md | 2 +- windows/security/threat-protection/auditing/event-4793.md | 2 +- windows/security/threat-protection/auditing/event-4794.md | 2 +- windows/security/threat-protection/auditing/event-4798.md | 2 +- windows/security/threat-protection/auditing/event-4799.md | 2 +- windows/security/threat-protection/auditing/event-4800.md | 2 +- windows/security/threat-protection/auditing/event-4801.md | 2 +- windows/security/threat-protection/auditing/event-4802.md | 2 +- windows/security/threat-protection/auditing/event-4803.md | 2 +- windows/security/threat-protection/auditing/event-4816.md | 2 +- windows/security/threat-protection/auditing/event-4817.md | 2 +- windows/security/threat-protection/auditing/event-4818.md | 2 +- windows/security/threat-protection/auditing/event-4819.md | 2 +- windows/security/threat-protection/auditing/event-4826.md | 2 +- windows/security/threat-protection/auditing/event-4864.md | 2 +- windows/security/threat-protection/auditing/event-4865.md | 2 +- windows/security/threat-protection/auditing/event-4866.md | 2 +- windows/security/threat-protection/auditing/event-4867.md | 2 +- windows/security/threat-protection/auditing/event-4902.md | 2 +- windows/security/threat-protection/auditing/event-4904.md | 2 +- windows/security/threat-protection/auditing/event-4905.md | 2 +- windows/security/threat-protection/auditing/event-4906.md | 2 +- windows/security/threat-protection/auditing/event-4907.md | 2 +- windows/security/threat-protection/auditing/event-4908.md | 2 +- windows/security/threat-protection/auditing/event-4909.md | 2 +- windows/security/threat-protection/auditing/event-4910.md | 2 +- windows/security/threat-protection/auditing/event-4911.md | 2 +- windows/security/threat-protection/auditing/event-4912.md | 2 +- windows/security/threat-protection/auditing/event-4913.md | 2 +- windows/security/threat-protection/auditing/event-4928.md | 2 +- windows/security/threat-protection/auditing/event-4929.md | 2 +- windows/security/threat-protection/auditing/event-4930.md | 2 +- windows/security/threat-protection/auditing/event-4931.md | 2 +- windows/security/threat-protection/auditing/event-4932.md | 2 +- windows/security/threat-protection/auditing/event-4933.md | 2 +- windows/security/threat-protection/auditing/event-4934.md | 2 +- windows/security/threat-protection/auditing/event-4935.md | 2 +- windows/security/threat-protection/auditing/event-4936.md | 2 +- windows/security/threat-protection/auditing/event-4937.md | 2 +- windows/security/threat-protection/auditing/event-4944.md | 2 +- windows/security/threat-protection/auditing/event-4945.md | 2 +- windows/security/threat-protection/auditing/event-4946.md | 2 +- windows/security/threat-protection/auditing/event-4947.md | 2 +- windows/security/threat-protection/auditing/event-4948.md | 2 +- windows/security/threat-protection/auditing/event-4949.md | 2 +- windows/security/threat-protection/auditing/event-4950.md | 2 +- windows/security/threat-protection/auditing/event-4951.md | 2 +- windows/security/threat-protection/auditing/event-4952.md | 2 +- windows/security/threat-protection/auditing/event-4953.md | 2 +- windows/security/threat-protection/auditing/event-4954.md | 2 +- windows/security/threat-protection/auditing/event-4956.md | 2 +- windows/security/threat-protection/auditing/event-4957.md | 2 +- windows/security/threat-protection/auditing/event-4958.md | 2 +- windows/security/threat-protection/auditing/event-4964.md | 2 +- windows/security/threat-protection/auditing/event-4985.md | 2 +- windows/security/threat-protection/auditing/event-5024.md | 2 +- windows/security/threat-protection/auditing/event-5025.md | 2 +- windows/security/threat-protection/auditing/event-5027.md | 2 +- windows/security/threat-protection/auditing/event-5028.md | 2 +- windows/security/threat-protection/auditing/event-5029.md | 2 +- windows/security/threat-protection/auditing/event-5030.md | 2 +- windows/security/threat-protection/auditing/event-5031.md | 2 +- windows/security/threat-protection/auditing/event-5032.md | 2 +- windows/security/threat-protection/auditing/event-5033.md | 2 +- windows/security/threat-protection/auditing/event-5034.md | 2 +- windows/security/threat-protection/auditing/event-5035.md | 2 +- windows/security/threat-protection/auditing/event-5037.md | 2 +- windows/security/threat-protection/auditing/event-5038.md | 2 +- windows/security/threat-protection/auditing/event-5039.md | 2 +- windows/security/threat-protection/auditing/event-5051.md | 2 +- windows/security/threat-protection/auditing/event-5056.md | 2 +- windows/security/threat-protection/auditing/event-5057.md | 2 +- windows/security/threat-protection/auditing/event-5058.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 2 +- windows/security/threat-protection/auditing/event-5060.md | 2 +- windows/security/threat-protection/auditing/event-5061.md | 2 +- windows/security/threat-protection/auditing/event-5062.md | 2 +- windows/security/threat-protection/auditing/event-5063.md | 2 +- windows/security/threat-protection/auditing/event-5064.md | 2 +- windows/security/threat-protection/auditing/event-5065.md | 2 +- windows/security/threat-protection/auditing/event-5066.md | 2 +- windows/security/threat-protection/auditing/event-5067.md | 2 +- windows/security/threat-protection/auditing/event-5068.md | 2 +- windows/security/threat-protection/auditing/event-5069.md | 2 +- windows/security/threat-protection/auditing/event-5070.md | 2 +- windows/security/threat-protection/auditing/event-5136.md | 2 +- windows/security/threat-protection/auditing/event-5137.md | 2 +- windows/security/threat-protection/auditing/event-5138.md | 2 +- windows/security/threat-protection/auditing/event-5139.md | 2 +- windows/security/threat-protection/auditing/event-5140.md | 2 +- windows/security/threat-protection/auditing/event-5141.md | 2 +- windows/security/threat-protection/auditing/event-5142.md | 2 +- windows/security/threat-protection/auditing/event-5143.md | 2 +- windows/security/threat-protection/auditing/event-5144.md | 2 +- windows/security/threat-protection/auditing/event-5145.md | 2 +- windows/security/threat-protection/auditing/event-5148.md | 2 +- windows/security/threat-protection/auditing/event-5149.md | 2 +- windows/security/threat-protection/auditing/event-5150.md | 2 +- windows/security/threat-protection/auditing/event-5151.md | 2 +- windows/security/threat-protection/auditing/event-5152.md | 2 +- windows/security/threat-protection/auditing/event-5153.md | 2 +- windows/security/threat-protection/auditing/event-5154.md | 2 +- windows/security/threat-protection/auditing/event-5155.md | 2 +- windows/security/threat-protection/auditing/event-5156.md | 2 +- windows/security/threat-protection/auditing/event-5157.md | 2 +- windows/security/threat-protection/auditing/event-5158.md | 2 +- windows/security/threat-protection/auditing/event-5159.md | 2 +- windows/security/threat-protection/auditing/event-5168.md | 2 +- windows/security/threat-protection/auditing/event-5376.md | 2 +- windows/security/threat-protection/auditing/event-5377.md | 2 +- windows/security/threat-protection/auditing/event-5378.md | 2 +- windows/security/threat-protection/auditing/event-5447.md | 2 +- windows/security/threat-protection/auditing/event-5632.md | 2 +- windows/security/threat-protection/auditing/event-5633.md | 2 +- windows/security/threat-protection/auditing/event-5712.md | 2 +- windows/security/threat-protection/auditing/event-5888.md | 2 +- windows/security/threat-protection/auditing/event-5889.md | 2 +- windows/security/threat-protection/auditing/event-5890.md | 2 +- windows/security/threat-protection/auditing/event-6144.md | 2 +- windows/security/threat-protection/auditing/event-6145.md | 2 +- windows/security/threat-protection/auditing/event-6281.md | 2 +- windows/security/threat-protection/auditing/event-6400.md | 2 +- windows/security/threat-protection/auditing/event-6401.md | 2 +- windows/security/threat-protection/auditing/event-6402.md | 2 +- windows/security/threat-protection/auditing/event-6403.md | 2 +- windows/security/threat-protection/auditing/event-6404.md | 2 +- windows/security/threat-protection/auditing/event-6405.md | 2 +- windows/security/threat-protection/auditing/event-6406.md | 2 +- windows/security/threat-protection/auditing/event-6407.md | 2 +- windows/security/threat-protection/auditing/event-6408.md | 2 +- windows/security/threat-protection/auditing/event-6409.md | 2 +- windows/security/threat-protection/auditing/event-6410.md | 2 +- windows/security/threat-protection/auditing/event-6416.md | 2 +- windows/security/threat-protection/auditing/event-6419.md | 2 +- windows/security/threat-protection/auditing/event-6420.md | 2 +- windows/security/threat-protection/auditing/event-6421.md | 2 +- windows/security/threat-protection/auditing/event-6422.md | 2 +- windows/security/threat-protection/auditing/event-6423.md | 2 +- windows/security/threat-protection/auditing/event-6424.md | 2 +- 318 files changed, 318 insertions(+), 318 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 5fdb1739c0..f9a028c36e 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md index 00ef9a3f98..80aac0ab42 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 8601d26ede..95b7643f60 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index 7e40077bc3..454c14422b 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index e84f020843..8b1f8421eb 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 07/25/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 1e4cf0bc0a..9cb1d5053c 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 07/16/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index dc4a17983a..ad98239120 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 54a24aeabd..5840b881a2 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 1adb598a89..a64e4c60e4 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index e09948e6a9..9c4f4f01b9 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index ec84ce1cdf..d2a34b5e82 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index f06923aec9..ce97191388 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index db60342744..34094b45c4 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 5b3570b704..9ba95826d4 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 9f9d0cb8f4..1053fc3b3e 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 0f25203d5d..c20e709c3f 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 90ea83f0c5..512ffb1d82 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index 76de4e61d1..af3f219142 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index d7120d4c5c..30761993c8 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 3271a1b5fb..41ced142b1 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 1d9c77ad06..88a2692952 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index 4b03a1f4a7..8e927d07a5 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 4501f8e8f7..6664fafb8d 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 3195fd4e72..133f3f2532 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 9160d63777..d196239f6b 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index 15e570608f..0a55d6a91f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index cd4c887700..82e1e1f4d3 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 2c77196a27..c503247f64 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index b0c1442c91..032486cabe 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 1907464fec..4b1c430188 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 41835f6b58..9edf8ad528 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index af0f1a911e..d0764daf4b 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index 3931177329..7adfcddd8c 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index c27b4bdf2d..fa45372c3e 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index f8827a3cf1..555286d0f5 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index d61d5386f0..e8bd06b601 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index 347351c797..521a5e8e0f 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 07/16/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index e57df86b17..4b4cc2f5de 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 8d79ebdaaa..f3bb9e035a 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 4cd445c0e1..31203993ba 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 29a2bf062c..9f0a2a2a2f 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 212599c38d..8a13f5aac2 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index 0dada7cc0f..01d32dee4a 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index d1c84998ab..06c1cec1ea 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index a100b7f4f4..199192018a 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 05/29/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 3e9078765c..08d287a0cb 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index a494cdd7b4..45be00eab8 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index a9e385b322..e70d6e2681 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 08dd852a74..51f7778df1 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 65d9725fb1..39e53664c4 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index ff6e0c7eb7..d1a88331d5 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 463a01e1f6..2acf898d3b 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index d4abe3507f..d47d436aa8 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index a091eac795..584b5fb9ff 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index dc8b55abd1..0c36ef5e56 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 2e14934b51..7ce77ac37a 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 29afe92c74..127b34b44a 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 695ee99db2..778abbd8c0 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index d0572e5d91..f9b696cb08 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index 318d0c7c8d..bfd47e55e9 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index 27548edf0f..7690f62c37 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 8c7ee885fc..3315c7f053 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index dbc39068f4..988736426a 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -6,7 +6,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 94c4b462f1..8b87a565cb 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index e1ad77ba01..5ae03bbe81 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index c0a52a4dc4..aea8e2c6a8 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 9f3210eae2..5ac16f81ca 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 8492b5fb62..564f09756f 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index 9ff920eda5..d6fa0d9840 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 74c74bd180..12b823cf4e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index 1282c18871..ada9f8ba66 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 2cc15b14cb..1c30f0f216 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 31ba69f0e1..87389a5d60 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 6f7578b433..814491f237 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 6b329771a8..71a8cdfc2c 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: none author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index 13ae345c28..8ae8a12264 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 61d48236a0..cb164a63ca 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index d6928796bc..8108688794 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index 3fb741e93d..25c17fe2ee 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 53a761ddd3..d726c93ad0 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 40e4b625b8..cff87d7dea 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index 97ce41dd27..f06b332a6c 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index 97cefc2edc..c306a73ee1 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 1d0a8fc3ac..4a380aceb6 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index 83b5ae6f58..1c2d522fd4 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 37c253f26f..2f460fcef2 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 61bcb648f9..b05a075adc 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index 624692202b..6f99221add 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index b1e1638791..1c4966789f 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index b8b8d972af..9e406ae1b4 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 8ee6f8a44b..88890d35a3 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index f06d559a05..2a67c5bece 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index 804c229ae3..00bdfbedbf 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 86c34c7909..4ce1a85b44 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 9f05521e12..364cc29898 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 11/20/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index f3f4af3202..ada815be96 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 1614e05097..79190f5271 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 3b378b7682..9214d1fc97 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index b009f0d8eb..8c72de4fc2 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index 06375a60e0..5ce80b0284 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 5ceeb9a280..2002ff7b1d 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 1d464049d7..02e32d0958 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index fab58ae85f..e9be1c1106 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index 945efabaa8..f784317663 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index 0896af005f..f3db0e1298 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 23ee991c1a..22ec52f545 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 496c9157ff..94bb9f707f 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index e8f42c6afa..eb364f29f6 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 04962bc557..9a9d51814e 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 8749baa01b..5080043717 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 58934e4de7..113d7caac9 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index f5946c9298..fa71f35477 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index eef6cadbee..3739d330a3 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index dceac91e41..e5ad7cdede 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 88b3db7b2f..416593f25d 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 2ccb4ed0a9..b081552f9c 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index e1eaefb348..fa60a9afe7 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index e9f776d0ca..422a22d16d 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index b8b2d4fde7..43660656d1 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 5bc050e752..5b94789f6e 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index 94e30520f0..4297ae500c 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 608cf4412e..6ec3afd6b3 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 0ea9a8bfcb..5a9d579d52 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index f4deaf1e26..36bbbe2e12 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index b6550f63e8..5488c0fe3f 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index 66c0fdbe24..e68e88564e 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 9b344d520b..04b87445fc 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index 3a33b7fb1a..499adb7003 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index 2f3c13af0b..9498cad12e 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 9411db16ba..b90233b9f4 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index b0d1108d01..d1521c73e2 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index 85c6887b71..15321679ec 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index f8c17d0d23..2cfa10bcc4 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index 45e1db3e65..bd99198a79 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 31b4ed376d..3d53dbfc66 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 6389cea265..e250d2d76b 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 4921434446..fbe3204478 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index db47f55f93..3886b9e04f 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index d67898fd2e..9b2455527b 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index c182112703..535c3ad26a 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 261f9cb975..759bb70c79 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index d0bea5eb68..94cad5dcb5 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index b3913f0cbe..159cf6c977 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 72a9797d2d..666b390af6 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index b3dfd1467b..92453fda66 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 9f840372e7..5fc169586c 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index b032541291..2be7574075 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 5803a7a96d..940ddf7318 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index 336f98cd2d..ca4f21d730 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index ea6a0f906b..23c8e66bd6 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 6a0c6f7fec..41316ce8c9 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index b4ce931ca3..af0fcac973 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 766edfb035..5c05b0ef4a 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 9fcabb2b06..e699566732 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 81c06e259a..0ab317604e 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index a6a08ce668..1a1b7d54b9 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index adf348858e..246c690505 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index c6f9458b13..372e067fb1 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index a54bc67494..5aad3931e8 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 67b6917c57..faa65c3205 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index 6f7ea445cc..c7df1c49c3 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 914faaec85..7a531f94cb 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index 9930e1add7..6bcb624195 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index 03e5f98777..2e7b864ec7 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index e9c94bc2b7..567d9d197e 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index dfad68c114..eee391bee2 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index ddc3fc91bd..b7187f8d10 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index d1fbaec511..0dc1358a3d 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index 34add04027..91db8f35ee 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index 3bb2aa354c..cf2e1d5c17 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index 8a65a7df8a..ed5f9bb1a0 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 65edca2761..e88f833a6c 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index 473697a68f..e257e4610f 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index ef04b9a13e..e748e1caf0 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index ec54750c71..ee412150ee 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index caa301af26..686af7ea86 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 48da89946f..338bb36e87 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 26d14f55d5..cd95a2f2a2 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index be9c51ab52..acf0ea8014 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index 195c2cf4df..b41a078e08 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index b0ac045f2f..d34b62517d 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index cd85dc1d77..d3bcd9301c 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index c432cb8c08..52a95c2b18 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 1f126c2840..c8171085ac 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 1d4ef520e5..48a8e41773 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 7681ec1773..84364654bc 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index f984fd6753..c57dedf1a6 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index f857dd4f57..0d10438bc8 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index 1166587fae..fee398f114 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index ce42488f86..b77a5db3be 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 147dee2f2b..f2443032d5 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 6b7f2516b5..7c2bc71dc5 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index d3a1cf34e3..17448acec2 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index a4729e4103..0417800a87 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 843d1542b6..a59b9b843d 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index bf32d2daa5..4f5095c9dc 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index cc0c449a75..c323c5ec14 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index 9a59309492..ad1d71cdae 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index c529ad4a45..c4c763c993 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 5cdb7f8d3c..c9f8c95d64 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 7ad2014e0c..656f80f36d 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index bd687db23f..cbf73343da 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 91100cee21..416ce22b6e 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index 02c3e26b35..a5cac875fe 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index fcf06907b2..caae02d594 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index a613fe1a37..a21a9b132f 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 87d587596b..8a78fdde05 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 8c3d47db80..4388e3db87 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index 615d55926f..0c0ff2b9bc 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index f1e2e9044a..efbf9fb2d0 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index 7063936812..782d76ece8 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index ef59fb97f9..4525a536b0 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 40f8fe939a..5481fec3bc 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index f1097f928f..a4ae0f6a9a 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index 7df893eab6..afc657cfe7 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index d29e4f36f5..a666ac4295 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 92b3e6caf5..2541043735 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 2b02731d51..62f13d85ab 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index b4169b5915..5b4960bfc9 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index c759afa1e6..eba8ccd671 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 9c67d305e2..21b7061a9b 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index bb9a592ca3..3c43a64cd2 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 2a8a1a7a9a..6ab7f16f7f 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index 0454afa9ca..af8020bcfa 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index fd666fc369..86b013392c 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index a83b9f12c9..d9e05e9505 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index dfa3de4c4f..32dc73cc6e 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index d74e0ac560..0835e66b51 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 91e3c4833d..743878ab0f 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index 2c57e4c683..dbdb573ed5 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index 135f54ed60..d9684e4ba7 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index e04a7c576b..bb6d247e38 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 64d80d5bd4..505c750a6f 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index b5ae0e52fc..dafaf8db67 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index 41b9e70214..f1183ce7ac 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index 1fc4d75d56..43d42d9ad6 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 369785a28c..7a02f1c187 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 426fabfd91..51c3c3a7aa 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index b406c84f14..cee2e5f678 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 48a65fb8f8..4f42988a8c 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index 583721a9fe..e45a0beb04 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index d15d9f16fa..0a95f4b688 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index 75109ef8f3..9c05c9b919 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index 0ccd247148..d45008ad7a 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 175e4aadec..d7897db3b0 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index bf4911fb3e..6f2c76bbc8 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 3e6b0fb302..1f420e0916 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index 7b1ba2e281..b32498cbac 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index 73f82089f2..b979c83969 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index be7ee92421..9f120f6027 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 55f1edb854..475cfcfab7 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index c0b2c17fe8..3b1cb19b0a 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index cc890b0727..8d71b94dd4 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index be31414e13..097b25ad56 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index cbd18c4c2a..014ea71245 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 67b9d5b4e3..7a8d60d333 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index b5a82e84e3..ba5fcc95d5 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 5ee606581a..8fb4261204 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index ee4fae206d..57817b83de 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index c37391a6df..d32b399dc1 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 4928e743c7..5232db2d68 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 45904a6ef7..54c1aa3f5f 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 6f40c2d61f..59b441d6a9 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index dde6756a49..2da4b27923 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index ac81516d45..653e8227b1 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 68e3c16bf6..1b3f5cb556 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 8f8025411c..13390e20d8 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index b949968635..fcf72e490a 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index aa0ea5013d..216fda1e69 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index d1a8d52a18..4fb9ff313d 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index e031fd9dbd..3a6937b68b 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index 999f6f9f93..10340b7e17 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 905774bf44..65f92128dd 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index ec8421bf74..4b959c56eb 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index c4461e26a3..602cf56f41 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 05/29/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 08039b5ca0..991095fcd1 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 05/29/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 3afbcf26df..0ddcd6478e 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 4864a283c9..57b29c41cf 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 154a62f07a..ec9ffa6ee6 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index ffd21c1282..f2bb576647 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 9dd278c6a8..11a6a76441 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 8662e186f2..59ddc54716 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index bfeaa865c2..982fb26822 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 6b91edfeb0..33b919c24b 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index d3d62462e1..9e5a7fbf6d 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 3fdf553811..74fd606119 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 46f401b3a0..c8eec57f75 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 40919244b6..3714d2750a 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index c55060acff..585ca469c6 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 47e308e4b7..df9199e9fa 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index d946f5bf63..1e72720f03 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index b84d151c2d..9ab4899bf0 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 7984ff5428..6fcac6b719 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index 0588eb54be..be757a5bb8 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 28a9434761..7b9765b982 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 180114aff2..258e121a80 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index c9dcc8b7e8..fbc98bd144 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 6001c97965..85812bc35a 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 0c7df89384..de7a63be42 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 91740aeefb..837d239ea6 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 8846fca660..bdf323461d 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index eb91491cd0..c8fc24b94d 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 4a1a25539a..49d6839bdf 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 28eef92c52..30b311e730 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index 2a7e910540..a988484860 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index 7fc3ad0806..57b7d78034 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 8d55408ad9..dd74c47896 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index ba34e7a26e..c6f8e25a6c 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 1f54ca83b1..0aacfce3f1 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index b5e0e99e03..6bbe69fb2d 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index f1c92358f7..f58b033971 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 812286011b..d9667a2625 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index b2f31d721b..e9582509f3 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index da80a07bdc..970c382ab7 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 0b09ff7dee..bddd6284b5 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 42d91b1f65..38990177e5 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index e3eb81e79d..f48d8e7d1b 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index a4ef6c15e8..d9f0466d51 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -5,7 +5,7 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: none author: Mir0sh ms.date: 04/19/2017 --- From 630a97cbbcd346ace81952f11a788f2b1f29336c Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Tue, 18 Sep 2018 11:53:06 -0700 Subject: [PATCH 02/10] Corrected capitalization, changed ASR to ASR rules --- .../attack-surface-reduction-exploit-guard.md | 26 ++++---- .../audit-windows-defender-exploit-guard.md | 26 +++----- ...lect-cab-files-exploit-guard-submission.md | 16 ++--- .../controlled-folders-exploit-guard.md | 27 ++++---- .../customize-attack-surface-reduction.md | 36 +++++------ ...tomize-controlled-folders-exploit-guard.md | 51 +++++---------- .../customize-exploit-protection.md | 37 ++--------- .../emet-exploit-protection-exploit-guard.md | 30 +++------ .../enable-attack-surface-reduction.md | 57 +++++------------ ...enable-controlled-folders-exploit-guard.md | 24 +++---- .../enable-exploit-protection.md | 6 +- .../enable-network-protection.md | 55 +++++----------- ...tion-based-protection-of-code-integrity.md | 2 +- .../evaluate-attack-surface-reduction.md | 52 ++++------------ .../evaluate-controlled-folder-access.md | 51 +++++---------- .../evaluate-exploit-protection.md | 17 ++--- .../evaluate-network-protection.md | 47 ++++---------- ...evaluate-windows-defender-exploit-guard.md | 30 +++------ .../event-views-exploit-guard.md | 23 ++----- .../exploit-protection-exploit-guard.md | 62 ++++++------------- ...port-export-exploit-protection-emet-xml.md | 58 +++++------------ .../memory-integrity.md | 3 - .../network-protection-exploit-guard.md | 29 +++------ ...tion-based-protection-of-code-integrity.md | 2 +- .../troubleshoot-asr.md | 54 ++++++---------- ...bleshoot-exploit-protection-mitigations.md | 31 +++------- .../troubleshoot-np.md | 36 ++++------- .../windows-defender-exploit-guard.md | 19 ++---- 28 files changed, 274 insertions(+), 633 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 99f362c3fb..4da637f7a1 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Use Attack surface reduction rules to prevent malware infection +title: Use attack surface reduction rules to prevent malware infection description: ASR rules can help prevent exploits from using apps and scripts to infect machines with malware keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention search.product: eADQiWindows 10XVcnh @@ -16,17 +16,17 @@ ms.date: 08/08/2018 -# Reduce attack surfaces with Windows Defender Exploit Guard +# Reduce attack surfaces with attack surface reduction rules **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. -Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. +Attack surface reduction rules work best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). -Attack surface reduction has a number of [rules](#attack-surface-reduction-rules), each of which targets specific behaviors that are typically used by malware and malicious apps to infect machines, such as: +Attack surface reduction rules each target specific behaviors that are typically used by malware and malicious apps to infect machines, such as: - Executable files and scripts used in Office apps or web mail that attempt to download or run files - Scripts that are obfuscated or otherwise suspicious @@ -34,11 +34,11 @@ Attack surface reduction has a number of [rules](#attack-surface-reduction-rules When a rule is triggered, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. -You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled. +You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. ## Requirements -Attack surface reduction requires Windows 10 Enterprise E5 and [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). +Attack surface reduction rules require Windows 10 Enterprise E5 and [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). ## Attack surface reduction rules @@ -180,9 +180,9 @@ This is a typical malware behavior, especially for macro-based attacks that atte This rule blocks Adobe Reader from creating child processes. -## Review Attack surface reduction events in Windows Event Viewer +## Review attack surface reduction rule events in Windows Event Viewer -You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited): +You can review the Windows event log to see events that are created when an attack surface reduction rule is triggered (or audited): 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *asr-events.xml* to an easily accessible location on the machine. @@ -196,7 +196,7 @@ You can review the Windows event log to see events that are created when an Atta 4. Click **OK**. -5. This will create a custom view that filters to only show the following events related to Attack surface reduction: +5. This will create a custom view that filters to only show the following events related to attack surface reduction rules: Event ID | Description -|- @@ -218,7 +218,7 @@ You can review the Windows event log to see events that are created when an Atta Topic | Description ---|--- -[Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how the feature works, and what events would typically be created. -[Enable Attack surface reduction](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Attack surface reduction in your network. -[Customize Attack surface reduction](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by Attack surface reduction and customize the notification that appears on a user's machine when a rule blocks an app or file. +[Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how attack surface reduction rules work, and what events would typically be created. +[Enable attack surface reduction rules](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage attack surface reduction rules in your network. +[Customize attack surface reduction rules](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by attack surface reduction rules and customize the notification that appears on a user's machine when a rule blocks an app or file. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 5e7831035b..93c4bdde11 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -21,18 +21,13 @@ ms.date: 08/08/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - -You can enable attack surface reduction, eploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. +You can enable attack surface reduction rules, eploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. You might want to do this when testing how the features will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period. While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled. -You can use Windows Defender Advanced Threat Protection to get greater deatils for each event, especially for investigating Attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +You can use Windows Defender Advanced Threat Protection to get greater deatils for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. @@ -45,10 +40,10 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs) Audit options | How to enable audit mode | How to view events - | - | - -Audit applies to all events | [Enable Controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer) -Audit applies to individual rules | [Enable Attack surface reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack surface reduction events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) -Audit applies to all events | [Enable Network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) -Audit applies to individual mitigations | [Enable Exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) +Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer) +Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) +Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) +Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) You can also use the a custom PowerShell script that enables the features in audit mode automatically: @@ -69,14 +64,9 @@ You can also use the a custom PowerShell script that enables the features in aud A message should appear to indicate that audit mode was enabled. - ## Related topics - - [Protect devices from exploits](exploit-protection-exploit-guard.md) -- [Reduce attack surfaces with](attack-surface-reduction-exploit-guard.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) - [Protect your network](network-protection-exploit-guard.md) -- [Protect important folders](controlled-folders-exploit-guard.md) - - - +- [Protect important folders](controlled-folders-exploit-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md index 72daf4a2bc..83348307d8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md @@ -20,17 +20,13 @@ ms.date: 08/08/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) +This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using attack surface reduction rules, network protection, exploit protection, and controlled folder access. - -- IT administrators - -This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using Windows Defender Exploit Guard. - -In particular, you will be asked to collect and attach this data when using the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) if you indicate that you have encountered a problem with [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) or [Network protection](network-protection-exploit-guard.md). +In particular, you will be asked to collect and attach this data when using the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) if you indicate that you have encountered a problem with [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) or [network protection](network-protection-exploit-guard.md). Before attempting this process, ensure you have met all required pre-requisites and taken any other suggested troubleshooting steps as described in these topics: -- [Troubleshoot Windows Defender Exploit Guard ASR rules](troubleshoot-asr.md) -- [Troubleshoot Windows Defender Network protection](troubleshoot-np.md) +- [Troubleshoot attack surface reduction rules](troubleshoot-asr.md) +- [Troubleshoot network protection](troubleshoot-np.md) @@ -63,7 +59,7 @@ Before attempting this process, ensure you have met all required pre-requisites ## Related topics -- [Troubleshoot ASR rules](troubleshoot-asr.md) -- [Troubleshoot Network protection](troubleshoot-np.md) +- [Troubleshoot attack surface reduction rules](troubleshoot-asr.md) +- [Troubleshoot network protection](troubleshoot-np.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index a5c31c8baf..512dbfe039 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -14,18 +14,14 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - - # Protect important folders with controlled folder access - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. -Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. @@ -35,17 +31,16 @@ A notification will appear on the computer where the app attempted to make chang The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. -You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. +You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. ## Requirements -Controlled folder access requires enabling [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). +Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). +## Review controlled folder access events in Windows Event Viewer -## Review Controlled folder access events in Windows Event Viewer - -You can review the Windows event log to see events that are created when Controlled folder access blocks (or audits) an app: +You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app: 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine. @@ -59,19 +54,19 @@ You can review the Windows event log to see events that are created when Control 4. Click **OK**. -5. This will create a custom view that filters to only show the following events related to Controlled folder access: +5. This will create a custom view that filters to only show the following events related to controlled folder access: Event ID | Description -|- 5007 | Event when settings are changed -1124 | Audited Controlled folder access event -1123 | Blocked Controlled folder access event +1124 | Audited controlled folder access event +1123 | Blocked controlled folder access event ## In this section Topic | Description ---|--- -[Evaluate Controlled folder access](evaluate-controlled-folder-access.md) | Use a dedicated demo tool to see how Controlled folder access works, and what events would typically be created. -[Enable Controlled folder access](enable-controlled-folders-exploit-guard.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Controlled folder access in your network -[Customize Controlled folder access](customize-controlled-folders-exploit-guard.md) | Add additional protected folders, and allow specified apps to access protected folders. +[Evaluate controlled folder access](evaluate-controlled-folder-access.md) | Use a dedicated demo tool to see how controlled folder access works, and what events would typically be created. +[Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage controlled folder access in your network +[Customize controlled folder access](customize-controlled-folders-exploit-guard.md) | Add additional protected folders, and allow specified apps to access protected folders. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index dbe8cbe7a5..7ce11b6159 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -1,5 +1,5 @@ --- -title: Configure how ASR works to finetune protection in your network +title: Configure how attack surface reduction rules work to finetune protection in your network description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude search.product: eADQiWindows 10XVcnh @@ -14,27 +14,26 @@ ms.author: v-anbic ms.date: 08/08/2018 --- -# Customize attack surface reduction +# Customize attack surface reduction rules **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. -Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. - -This topic describes how to customize Attack surface reduction by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer. +This topic describes how to customize attack surface reduction rules by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer. You can use Group Policy, PowerShell, and MDM CSPs to configure these settings. ## Exclude files and folders -You can exclude files and folders from being evaluated by most Attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an Attack surface reduction rule, the file will not be blocked from running. +You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an attack surface reduction rule, the file will not be blocked from running. This could potentially allow unsafe files to run and infect your devices. >[!WARNING] ->Excluding files or folders can severely reduce the protection provided by Attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. +>Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. > >If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules). @@ -65,19 +64,17 @@ Block untrusted and unsigned processes that run from USB | [!include[Check mark Block only Office communication applications from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | 26190899-1602-49e8-8b27-eb1d0a1ce869 Block Adobe Reader from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c - -See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule. - +See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule. ### Use Group Policy to exclude files and folders -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**. +3. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**. -6. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. +4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. ### Use PowerShell to exclude files and folderss @@ -90,7 +87,6 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more folders to the list. - >[!IMPORTANT] >Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. @@ -98,17 +94,13 @@ Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. - - ## Customize the notification See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. - - ## Related topics -- [Reduce attack surfaces](attack-surface-reduction-exploit-guard.md) -- [Enable Attack surface reduction](enable-attack-surface-reduction.md) -- [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) +- [Enable attack surface reduction rules](enable-attack-surface-reduction.md) +- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index aebfd7efca..df384978c2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -14,19 +14,15 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - - # Customize controlled folder access - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. -This topic describes how to customize the following settings of the Controlled folder access feature with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): +This topic describes how to customize the following settings of the controlled folder access feature with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): - [Add additional folders to be protected](#protect-additional-folders) - [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders) @@ -36,14 +32,13 @@ This topic describes how to customize the following settings of the Controlled f > >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact. - ## Protect additional folders Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop. You can add additional folders to be protected, but you cannot remove the default folders in the default list. -Adding other folders to Controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. +Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). @@ -62,16 +57,15 @@ You can use the Windows Defender Security Center app or Group Policy to add and ![Screenshot of the Virus and threat protection settings button](images/cfa-prot-folders.png) - ### Use Group Policy to protect additional folders -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -3. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**. -5. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. +3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. -6. Double-click **Configured protected folders** and set the option to **Enabled**. Click **Show** and enter each folder. +4. Double-click **Configured protected folders** and set the option to **Enabled**. Click **Show** and enter each folder. ### Use PowerShell to protect additional folders @@ -82,34 +76,28 @@ You can use the Windows Defender Security Center app or Group Policy to add and Add-MpPreference -ControlledFolderAccessProtectedFolders "" ``` - Continue to use `Add-MpPreference -ControlledFolderAccessProtectedFolders` to add more folders to the list. Folders added using this cmdlet will appear in the Windows Defender Security Center app. - ![Screenshot of a PowerShell window with the cmdlet above entered](images/cfa-allow-folder-ps.png) - >[!IMPORTANT] >Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. ### Use MDM CSPs to protect additional folders -Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. +Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. +## Allow specific apps to make changes to controlled folders - - ## Allow specific apps to make changes to controlled folders - -You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the Controlled folder access feature. +You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature. >[!IMPORTANT] >By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app or by using the associated PowerShell cmdlets. >You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. - You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders. -When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access. +When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. ### Use the Windows Defender Security app to allow specific apps @@ -127,13 +115,11 @@ When you add an app, you have to specify the app's location. Only the app in tha 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -5. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. - -6. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app. +2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. +4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app. ### Use PowerShell to allow specific apps @@ -149,18 +135,13 @@ When you add an app, you have to specify the app's location. Only the app in tha ```PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe" ``` - Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Defender Security Center app. - ![Screenshot of a PowerShell window with the above cmdlet entered](images/cfa-allow-app-ps.png) - >[!IMPORTANT] >Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. - - ### Use MDM CSPs to allow specific apps Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders. @@ -170,6 +151,6 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications] See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. ## Related topics -- [Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) -- [Enable Controlled folder access](enable-controlled-folders-exploit-guard.md) -- [Evaluate attack surface reduction](evaluate-windows-defender-exploit-guard.md) \ No newline at end of file +- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) +- [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) +- [Evaluate attack surface reduction rules](evaluate-windows-defender-exploit-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 59513ac8ec..456600479e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -14,31 +14,17 @@ ms.author: v-anbic ms.date: 08/08/2018 --- -# Customize Exploit protection +# Customize exploit protection **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - - Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. - You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell. - This topic lists each of the mitigations available in Exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works. + This topic lists each of the mitigations available in exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works. It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md). @@ -49,10 +35,8 @@ It also describes how to enable or configure the mitigations using Windows Defen All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level. - You can set each of the mitigations to on, off, or to their default value. Some mitigations have additional options, these are indicated in the description in the table. - Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On". ![Screenshot showing the drop down menu for DEP which shows the default for DEP as On](images/ep-default.png) @@ -118,8 +102,6 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi >The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. >CFG will be enabled for *miles.exe*. - - ### Configure system-level mitigations with the Windows Defender Security Center app 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -144,7 +126,6 @@ You can now [export these settings as an XML file](import-export-exploit-protect Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines. - ### Configure app-specific mitigations with the Windows Defender Security Center app 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -160,7 +141,6 @@ Exporting the configuration as an XML file allows you to copy the configuration ![Screenshot showing the add file or folder button](images/wdsc-exp-prot-app-settings.png) - 4. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. 5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration. @@ -171,8 +151,7 @@ You can now [export these settings as an XML file](import-export-exploit-protect Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines. - - ## PowerShell reference +## PowerShell reference You can use the Windows Defender Security Center app to configure Exploit protection, or you can use PowerShell cmdlets. @@ -181,7 +160,6 @@ Exporting the configuration as an XML file allows you to copy the configuration >[!IMPORTANT] >Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overridden. - You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app: ```PowerShell @@ -202,8 +180,6 @@ Use `Set` to configure each mitigation in the following format: ```PowerShell Set-ProcessMitigation - - ,, ``` - - Where: - \: @@ -215,7 +191,6 @@ Where: - \: - The mitigation's cmdlet as defined in the [mitigation cmdlets table](#cmdlets-table) below, along with any suboptions (surrounded with spaces). Each mitigation is seperated with a comma. - For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command: ```PowerShell @@ -298,6 +273,6 @@ See the [Windows Defender Security Center](../windows-defender-security-center/w - [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Enable Exploit protection](enable-exploit-protection.md) -- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Enable exploit protection](enable-exploit-protection.md) +- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md index f37c7b6665..84aa9a626f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md @@ -14,22 +14,18 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - - # Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - >[!IMPORTANT] ->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows Defender ATP. +>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. > >You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. -This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and Exploit protection in Windows Defender ATP. +This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Windows Defender ATP. Exploit protection in Windows Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options. @@ -40,9 +36,7 @@ After July 31, 2018, it will not be supported. For more information about the individual features and mitigations available in Windows Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics: - [Protect devices from exploits](exploit-protection-exploit-guard.md) -- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) - - +- [Configure and audit exploit protection mitigations](customize-exploit-protection.md) ## Feature comparison @@ -68,17 +62,13 @@ Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
[U Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
Limited to EAF, EAF+, and anti-ROP mitigations - - ([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). ([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [Exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus. - - ## Mitigation comparison -The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [Exploit protection feature](exploit-protection-exploit-guard.md). +The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [exploit protection feature](exploit-protection-exploit-guard.md). The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection. @@ -109,10 +99,6 @@ Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] - - - - >[!NOTE] >The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process. > @@ -122,9 +108,9 @@ Validate image dependency integrity | [!include[Check mark yes](images/svg/check ## Related topics - [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Enable Exploit protection](enable-exploit-protection.md) -- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) -- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Enable exploit protection](enable-exploit-protection.md) +- [Configure and audit exploit protection mitigations](customize-exploit-protection.md) +- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 4c1735dfdf..7196263262 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -14,32 +14,15 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - -# Enable Attack surface reduction - +# Enable attack surface reduction rules **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. - - - - - - - - - - - - -Attack surface reduction is a feature that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. - - - -## Enable and audit Attack surface reduction rules +## Enable and audit attack surface reduction rules You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode. @@ -68,27 +51,23 @@ Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule. -### Use Group Policy to enable or audit Attack surface reduction rules +### Use Group Policy to enable or audit attack surface reduction rules +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. -5. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. - -6. Double-click the **Configure Attack surface reduction rules** setting and set the option to **Enabled**. You can then set the individual state for each rule in the options section: +4. Double-click the **Configure Attack surface reduction rules** setting and set the option to **Enabled**. You can then set the individual state for each rule in the options section: - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: - Block mode = 1 - Disabled = 0 - Audit mode = 2 -![Group policy setting showing a blank ASR rule ID and value of 1](images/asr-rules-gp.png) - - - - - ### Use PowerShell to enable or audit Attack surface reduction rules +![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png) + +### Use PowerShell to enable or audit attack surface reduction rules 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: @@ -97,14 +76,11 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to Set-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Enabled ``` - - You can enable the feature in audit mode using the following cmdlet: ```PowerShell Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode ``` - Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off. >[!IMPORTANT> @@ -124,15 +100,12 @@ You can also the `Add-MpPreference` PowerShell verb to add new rules to the exis >You can obtain a list of rules and their current state by using `Get-MpPreference` -### Use MDM CSPs to enable Attack surface reduction rules +### Use MDM CSPs to enable attack surface reduction rules Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule. - - - ## Related topics -- [Reduce attack surfaces](attack-surface-reduction-exploit-guard.md) -- [Customize Attack surface reduction](customize-attack-surface-reduction.md) -- [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) +- [Customize attack surface reduction](customize-attack-surface-reduction.md) +- [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 62f8359359..215af49b84 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -14,8 +14,6 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - - # Enable controlled folder access @@ -23,29 +21,26 @@ ms.date: 08/08/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). This topic describes how to enable Controlled folder access with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). - ## Enable and audit controlled folder access You can enable controlled folder access with the Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine. - >[!NOTE] >The Controlled folder access feature will display the state in the Windows Defender Security Center app under **Virus & threat protection settings**. >If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Defender Security Center app after a restart of the device. >If the feature is set to **Audit mode** with any of those tools, the Windows Defender Security Center app will show the state as **Off**. >See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works. >

->Group Policy settings that disable local administrator list merging will override Controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through Controlled folder access. These policies include: +>Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include: >- Windows Defender Antivirus **Configure local administrator merge behavior for lists** >- System Center Endpoint Protection **Allow users to add exclusions and overrides** >For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). -### Use the Windows Defender Security app to enable Controlled folder access +### Use the Windows Defender Security app to enable controlled folder access 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -70,28 +65,29 @@ You can enable controlled folder access with the Security Center app, Group Poli ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) >[!IMPORTANT] ->To fully enable the Controlled folder access feature, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. +>To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. -### Use PowerShell to enable Controlled folder access +### Use PowerShell to enable controlled folder access + +1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell Set-MpPreference -EnableControlledFolderAccess Enabled ``` -You can enable the feauting in audit mode by specifying `AuditMode` instead of `Enabled`. +You can enable the feature in audit mode by specifying `AuditMode` instead of `Enabled`. Use `Disabled` to turn the feature off. -### Use MDM CSPs to enable Controlled folder access +### Use MDM CSPs to enable controlled folder access Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. ## Related topics -- [Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) -- [Customize Controlled folder access](customize-controlled-folders-exploit-guard.md) +- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) +- [Customize controlled folder access](customize-controlled-folders-exploit-guard.md) - [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index c9c10f4b93..91f8b6b1bb 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -1,5 +1,5 @@ --- -title: Turn on Exploit protection to help mitigate against attacks +title: Turn on exploit protection to help mitigate against attacks keywords: exploit, mitigation, attacks, vulnerability description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. search.product: eADQiWindows 10XVcnh @@ -14,11 +14,8 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - - # Enable exploit protection - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) @@ -45,7 +42,6 @@ See the following topics for instructions on configuring exploit protection miti 1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md) 2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md). - ## Related topics - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index 93d25b4d0b..af47213614 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -1,5 +1,5 @@ --- -title: Turn Network protection on +title: Turn network protection on description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh @@ -14,59 +14,40 @@ ms.author: v-anbic ms.date: 05/30/2018 --- - -# Enable Network protection - +# Enable network protection **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +This topic describes how to enable network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM). +## Enable and audit network protection - - - - - - - - - - -Network protection is a feature that helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. - -This topic describes how to enable Network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM). - - -## Enable and audit Network protection - -You can enable Network protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP. +You can enable network protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP. For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md). +### Use Group Policy to enable or audit network protection -### Use Group Policy to enable or audit Network protection +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**. -3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -5. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**. - -6. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following: +4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following: - **Block** - Users will not be able to access malicious IP addresses and domains - **Disable (Default)** - The Network protection feature will not work. Users will not be blocked from accessing malicious domains - **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address. >[!IMPORTANT] ->To fully enable the Network protection feature, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu. +>To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu. - - ### Use PowerShell to enable or audit Network protection + ### Use PowerShell to enable or audit network protection 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: @@ -75,7 +56,7 @@ For background information on how audit mode works, and when you might want to u Set-MpPreference -EnableNetworkProtection Enabled ``` -You can enable the feauting in audit mode using the following cmdlet: +You can enable the feature in audit mode using the following cmdlet: ``` Set-MpPreference -EnableNetworkProtection AuditMode @@ -84,14 +65,12 @@ Set-MpPreference -EnableNetworkProtection AuditMode Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off. +### Use MDM CSPs to enable or audit network protection -### Use MDM CSPs to enable or audit Network protection - - -Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure Network protection. +Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure network protection. ## Related topics - [Protect your network](network-protection-exploit-guard.md) -- [Evaluate Network protection](evaluate-network-protection.md) +- [Evaluate network protection](evaluate-network-protection.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 0a7e07c36c..2c5e663e91 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -17,7 +17,7 @@ ms.date: 08/08/2018 This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. Some applications, including device drivers, may be incompatible with HVCI. -This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. +This can cause devices or software to malfunction and in rare cases may result in a blue screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. ## How to turn on HVCI in Windows 10 diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index d641593a68..68cbd98e27 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -1,5 +1,5 @@ --- -title: Use a demo to see how ASR can help protect your devices +title: Use a demo to see how ASR rules can help protect your devices description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo search.product: eADQiWindows 10XVcnh @@ -14,31 +14,15 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - -# Evaluate Attack surface reduction rules +# Evaluate attack surface reduction rules **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. - - - - - - - - - - - - - - -Attack surface reduction is a feature that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. - -This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization. +This topic helps you evaluate attack surface reduction rules. It explains how to demo ASR rules using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization. >[!NOTE] >This topic uses a customized testing tool and PowerShell cmdlets to make it easy to enable the feature and test it. @@ -47,10 +31,9 @@ This topic helps you evaluate Attack surface reduction. It explains how to demo >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. +## Use the demo tool to see how attack surface reduction rules work -## Use the demo tool to see how Attack surface reduction works - -Use the **ExploitGuard ASR test tool** app to see how Attack surface reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines. +Use the **ExploitGuard ASR test tool** app to see how attack surface reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines. The tool is part of the Windows Defender Exploit Guard evaluation package: - [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) @@ -95,9 +78,9 @@ Choosing the **Mode** will change how the rule functions: Mode option | Description -|- -Disabled | The rule will not fire and no event will be recorded. This is the same as if you had not enabled Attack surface reduction at all. -Block | The rule will fire and the suspicious behavior will be blocked from running. An event will be recorded in the event log. This is the same as if you had enabled Attack surface reduction. -Audit | The rule wil fire, but the suspicious behavior will **not** be blocked from running. An event will be recorded in the event log as if the rule did block the behavior. This allows you to see how Attack surface reduction will work but without impacting how you use the machine. +Disabled | The rule will not fire and no event will be recorded. This is the same as if you had not enabled attack surface reduction rules at all. +Block | The rule will fire and the suspicious behavior will be blocked from running. An event will be recorded in the event log. This is the same as if you had enabled attack surface reduction rules. +Audit | The rule wil fire, but the suspicious behavior will **not** be blocked from running. An event will be recorded in the event log as if the rule did block the behavior. This allows you to see how attack surface reduction rules will work but without impacting how you use the computer. Block mode will cause a notification to appear on the user's desktop: @@ -111,7 +94,6 @@ The following sections describe what each rule does and what the scenarios entai ### Rule: Block executable content from email client and webmail - This rule blocks certain files from being run or launched from an email. You can specify an individual scenario, based on the category of the file type or whether the email is in Microsoft Outlook or web mail. The following table describes the category of the file type that will be blocked and the source of the email for each scenario in this rule: @@ -145,18 +127,13 @@ The following scenarios can be individually chosen: - Extension Block - Extensions will be blocked from being used by Office apps. Typically these extensions use the Windows Scripting Host (.wsh files) to run scripts that automate certain tasks or provide user-created add-on features. - ### Rule: Block Office applications from injecting into other processes - >[!NOTE] >There is only one scenario to test for this rule. - Office apps, such as Word, Excel, or PowerPoint, will not be able to inject code into other processes. This is typically used by malware to run malicious code in an attempt to hide the activity from antivirus scanning engines. - - ### Rule: Impede JavaScript and VBScript to launch executables JavaScript and VBScript scripts can be used by malware to launch other malicious apps. This rule prevents these scripts from being allowed to launch apps, thus preventing malicious use of the scripts to spread malware and infect machines. @@ -168,13 +145,10 @@ JavaScript and VBScript scripts can be used by malware to launch other malicious - VBScript - VBScript will not be allowed to launch executable files - - ### Rule: Block execution of potentially obfuscated scripts Malware and other threats can attempt to obfuscate or hide their malicious code in some script files. This rule prevents scripts that appear to be obfuscated from running. - - Random - A scenario will be randomly chosen from this list - AntiMalwareScanInterface @@ -203,7 +177,6 @@ Event ID | Description 1122 | Event when rule fires in Audit-mode 1121 | Event when rule fires in Block-mode - ## Use audit mode to measure impact You can also enable the Attack surface reduction feature in audit mode. This lets you see a record of what apps would have been blocked if you had enabled the feature. @@ -222,17 +195,14 @@ This enables all Attack surface reduction rules in audit mode. >If you want to fully audit how Attack surface reduction will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack surface reduction topic](attack-surface-reduction-exploit-guard.md). - - -## Customize Attack surface reduction +## Customize attack surface reduction rules During your evaluation, you may wish to configure each rule individualy or exclude certain files and processes from being evaluated by the feature. See the [Customize Exploit protection](customize-exploit-protection.md) topic for information on configuring the feature with management tools, including Group Policy and MDM CSP policies. - ## Related topics -- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) - [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md) - [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index db37592aa5..bb7cb64964 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -1,5 +1,5 @@ --- -title: See how CFA can help protect files from being changed by malicious apps +title: See how controlled folder access can help protect files from being changed by malicious apps description: Use a custom tool to see how Controlled folder access works in Windows 10. keywords: Exploit protection, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try search.product: eADQiWindows 10XVcnh @@ -14,29 +14,17 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - -# Evaluate Controlled folder access +# Evaluate controlled folder access **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - [Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. -This topic helps you evaluate Controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization. +This topic helps you evaluate controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization. >[!NOTE] >This topic uses PowerShell cmdlets to make it easy to enable the feature and test it. @@ -45,18 +33,16 @@ This topic helps you evaluate Controlled folder access. It explains how to demo >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -## Use the demo tool to see how Controlled folder access works +## Use the demo tool to see how controlled folder access works -Use the **ExploitGuard CFA File Creator** tool to see how Controlled folder access can prevent a suspicious app from creating files in protected folders. +Use the **ExploitGuard CFA File Creator** tool to see how controlled folder access can prevent a suspicious app from creating files in protected folders. The tool is part of the Windows Defender Exploit Guard evaluation package: - [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) -This tool can be run locally on an individual machine to see the typical behavior of Controlled folder access. The tool is considered by Windows Defender ATP to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders. - -You can enable Controlled folder access, run the tool, and see what the experience is like when a suspicious app is prevented from accessing or modifying files in protected folders. - +This tool can be run locally on an individual machine to see the typical behavior of controlled folder access. The tool is considered by Windows Defender ATP to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders. +You can enable controlled folder access, run the tool, and see what the experience is like when a suspicious app is prevented from accessing or modifying files in protected folders. 1. Type **powershell** in the Start menu. @@ -79,7 +65,7 @@ You can enable Controlled folder access, run the tool, and see what the experien ![Exampke notification that says Unauthorized changes blocked: Controlled folder access blocked (file name) from making changes to the folder (folder name)](images/cfa-notif.png) -## Review Controlled folder access events in Windows Event Viewer +## Review controlled folder access events in Windows Event Viewer You can also review the Windows event log to see the events there were created when using the tool. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-attack-surface-reduction-events). @@ -96,15 +82,15 @@ You can also review the Windows event log to see the events there were created w Event ID | Description -|- 5007 | Event when settings are changed -1124 | Audited Controlled folder access event -1123 | Blocked Controlled folder access event -1127 | Blocked Controlled folder access sector write block event -1128 | Audited Controlled folder access sector write block event +1124 | Audited controlled folder access event +1123 | Blocked controlled folder access event +1127 | Blocked controlled folder access sector write block event +1128 | Audited controlled folder access sector write block event ## Use audit mode to measure impact -As with other Windows Defender EG features, you can enable the Controlled folder access feature in audit mode. This lets you see a record of what *would* have happened if you had enabled the setting. +You can enable the controlled folder access feature in audit mode. This lets you see a record of what *would* have happened if you had enabled the setting. You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period. @@ -115,21 +101,18 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode ``` >[!TIP] ->If you want to fully audit how Controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). -You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [Controlled folder access topic](controlled-folders-exploit-guard.md). - +>If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). +You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders-exploit-guard.md). For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md). - - ## Customize protected folders and apps During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files. -See the main [Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP. +See [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP. ## Related topics -- [Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) +- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) - [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md) - [Use audit mode](audit-windows-defender-exploit-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index d4d3705b4a..b4745a488f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -14,20 +14,17 @@ ms.author: v-anbic ms.date: 05/30/2018 --- - - # Evaluate exploit protection **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in exploit protection. -This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see [Exploit protection](exploit-protection-exploit-guard.md) . +This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see [Exploit protection](exploit-protection-exploit-guard.md). >[!NOTE] >This topic uses PowerShell cmdlets to make it easy to enable the feature and test it. @@ -50,13 +47,13 @@ First, enable the mitigation using PowerShell, and then confirm that it has been Set-ProcessMitigation -Name iexplore.exe -Enable DisallowChildProcessCreation ``` -1. Open Windows Security by clicking the shield icon in the task bar or searching the Start menu for **Defender**. +3. Open Windows Security by clicking the shield icon in the task bar or searching the Start menu for **Defender**. -2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen. +4. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen. -3. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**. +5. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**. -4. Find the **Do not allow child processes** setting and make sure that **Override System settings** is enabled and the switch is set to **On**. +6. Find the **Do not allow child processes** setting and make sure that **Override System settings** is enabled and the switch is set to **On**. Now that you know the mitigation has been enabled, you can test to see if it works and what the experience would be for an end user: @@ -78,7 +75,6 @@ Lastly, we can disable the mitigation so that Internet Explorer works properly a 5. Validate that Internet Explorer runs by running it from the run dialog box again. It should open as expected. - ## Review exploit protection events in Windows Event Viewer You can now review the events that exploit protection sent to the Windows Event Viewer to confirm what happened. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-attack-surface-reduction-events). @@ -99,7 +95,6 @@ You can now review the events that exploit protection sent to the Windows Event Process '\Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe' (PID 4692) was blocked from creating a child process 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' with command line '"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4692 CREDAT:75009 /prefetch:2'. - ## Use audit mode to measure impact You can enable exploit protection in audit mode. You can enable audit mode for individual mitigations. @@ -112,8 +107,6 @@ See the [**PowerShell reference** section in customize exploit protection](custo For further details on how audit mode works, and when you might want to use it, see [audit Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md). - - ## Related topics - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) - [Enable exploit protection](enable-exploit-protection.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index dc6546e9a9..7bb7c2ecf8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -1,5 +1,5 @@ --- -title: Conduct a demo to see how Network protection works +title: Conduct a demo to see how network protection works description: Quickly see how Network protection works by performing common scenarios that it protects against keywords: Network protection, exploits, malicious website, ip, domain, domains, evaluate, test, demo search.product: eADQiWindows 10XVcnh @@ -14,30 +14,13 @@ ms.author: v-anbic ms.date: 08/09/2018 --- -# Evaluate Network protection - - +# Evaluate network protection **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - - -Supported in Windows 10 Enterprise, Network protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). - -It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +Network protection helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. @@ -47,7 +30,7 @@ This topic helps you evaluate Network protection by enabling the feature and gui >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -## Enable Network protection +## Enable network protection 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: @@ -68,8 +51,7 @@ You will get a 403 Forbidden response in the browser, and you will see a notific ![Example notification that says Connection blocked: Your IT administrator caused Windows Defender Security center to block this network connection. Contact your IT help desk.](images/np-notif.png) - - ## Review Network protection events in Windows Event Viewer +## Review network protection events in Windows Event Viewer You can also review the Windows event log to see the events there were created when performing the demo. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-attack-surface-reduction-events). @@ -81,18 +63,18 @@ You can also review the Windows event log to see the events there were created w 4. Click **OK**. -5. This will create a custom view that filters to only show the following events related to Network protection: +5. This will create a custom view that filters to only show the following events related to network protection: Event ID | Description -|- 5007 | Event when settings are changed -1125 | Event when rule fires in Audit-mode -1126 | Event when rule fires in Block-mode +1125 | Event when rule fires in audit mode +1126 | Event when rule fires in block mode ## Use audit mode to measure impact -You can also enable the Network protection feature in audit mode. This lets you see a record of what IPs and domains would have been blocked if the feature were enabled. +You can also enable the network protection feature in audit mode. This lets you see a record of which IP addresses and domains would have been blocked if the feature were enabled. You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how often the feature will block connections during normal use. @@ -101,17 +83,12 @@ To enable audit mode, use the following PowerShell cmdlet: ```PowerShell Set-MpPreference -EnableNetworkProtection AuditMode ``` - - >[!TIP] ->If you want to fully audit how Network protection will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). +>If you want to fully audit how network protection will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Network protection topic](network-protection-exploit-guard.md). +## Related topics - - - ## Related topics - -- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) +- [Protect your network](network-protection-exploit-guard.md) - [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md) - [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md index e7852096d0..ee57054634 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md @@ -14,48 +14,36 @@ ms.author: v-anbic ms.date: 05/30/2018 --- - - # Evaluate Windows Defender Exploit Guard - **Applies to:** - Windows 10, version 1709 and later - Windows Server 2016 - - - - - -Windows Defender Exploit Guard is a new collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software. +Windows Defender Exploit Guard is a collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software. Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization. >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work. - Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisites are. - -- [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) -- [Evaluate Controlled folder access](evaluate-controlled-folder-access.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Evaluate Network protection](evaluate-network-protection.md) +- [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) +- [Evaluate controlled folder access](evaluate-controlled-folder-access.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Evaluate network protection](evaluate-network-protection.md) You might also be interested in enabling the features in audit mode - which allows you to see how the features work in the real world without impacting your organization or employee's work habits: - [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) - - ## Related topics Topic | Description ---|--- -- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) -- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md) -- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) -- [Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) \ No newline at end of file +- [Protect devices from exploits](exploit-protection-exploit-guard.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) +- [Protect your network](network-protection-exploit-guard.md) +- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index ceb60ddeb8..5ed5288983 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -15,19 +15,12 @@ ms.author: v-anbic ms.date: 08/08/2018 --- - # View attack surface reduction events - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow. Reviewing the events is also handy when you are evaluating the features, as you can enable audit mode for the features or settings, and then review what would have happened if they were fully enabled. @@ -42,7 +35,7 @@ You can create custom views in the Windows Event Viewer to only see events for s The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page. -You can also manually navigate to the event area that corresponds to the Windows Defender EG feature, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic for more details. +You can also manually navigate to the event area that corresponds to the feature, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic for more details. ### Import an existing XML custom view @@ -82,11 +75,7 @@ You can also manually navigate to the event area that corresponds to the Windows 5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events). - - - - -### XML for Attack surface reduction events +### XML for attack surface reduction rule events ```xml @@ -97,7 +86,7 @@ You can also manually navigate to the event area that corresponds to the Windows ``` -### XML for Controlled folder access events +### XML for controlled folder access events ```xml @@ -108,7 +97,7 @@ You can also manually navigate to the event area that corresponds to the Windows ``` -### XML for Exploit protection events +### XML for exploit protection events ```xml @@ -128,7 +117,7 @@ You can also manually navigate to the event area that corresponds to the Windows ``` -### XML for Network protection events +### XML for network protection events ```xml @@ -140,8 +129,6 @@ You can also manually navigate to the event area that corresponds to the Windows ``` - - ## List of attack surface reduction events diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 3fa5e1d678..c24e1c694c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -14,10 +14,7 @@ ms.author: v-anbic ms.date: 08/09/2018 --- - - -# Protect devices from exploits with with Windows Defender Exploit Guard - +# Protect devices from exploits **Applies to:** @@ -30,32 +27,25 @@ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You [configure these settings using the Windows Defender Security Center app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once. When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. - You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Exploit protection would impact your organization if it were enabled. + You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how exploit protection would impact your organization if it were enabled. - Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See the [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard topic](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to Exploit protection on Windows 10. + Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to exploit protection on Windows 10. >[!IMPORTANT] - >If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows 10. You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. + >If you are currently using EMET you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. >[!WARNING] ->Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network. +>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network. -## Requirements + ## Review exploit protection events in Windows Event Viewer -Windows 10 version | Windows Defender Advanced Threat Protection --|- -Windows 10 version 1709 or later | For full reporting, you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - - - ## Review Exploit protection events in Windows Event Viewer - -You can review the Windows event log to see events that are created when Exploit protection blocks (or audits) an app: +You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app: 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine. @@ -103,11 +93,11 @@ Win32K | 260 | Untrusted Font ## Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard >[!IMPORTANT] ->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows Defender ATP. +>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. > ->You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. +>You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. -This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and Exploit protection in Windows Defender ATP. +This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Windows Defender ATP. Exploit protection in Windows Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options. @@ -120,10 +110,7 @@ For more information about the individual features and mitigations available in - [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) - - - - ## Feature comparison +## Feature comparison The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard. @@ -146,19 +133,15 @@ Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
[U Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
Limited to EAF, EAF+, and anti-ROP mitigations - - ([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). -([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [Exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus. - - +([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus. ## Mitigation comparison -The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [Exploit protection feature](exploit-protection-exploit-guard.md). +The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [exploit protection feature](exploit-protection-exploit-guard.md). -The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection. +The table in this section indicates the availability and support of native mitigations between EMET and exploit protection. Mitigation | Available in Windows Defender Exploit Guard | Available in EMET -|:-:|:-: @@ -186,11 +169,6 @@ Validate handle usage | [!include[Check mark yes](images/svg/check-yes.svg)] | [ Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] - - - - - >[!NOTE] >The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process. > @@ -199,10 +177,10 @@ Validate image dependency integrity | [!include[Check mark yes](images/svg/check ## Related topics -- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Enable Exploit protection](enable-exploit-protection.md) -- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) -- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) +- [Protect devices from exploits](exploit-protection-exploit-guard.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Enable exploit protection](enable-exploit-protection.md) +- [Configure and audit exploit protection mitigations](customize-exploit-protection.md) +- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index 2da48a5d94..ecf3ead6e7 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -1,5 +1,5 @@ --- -title: Deploy Exploit protection mitigations across your organization +title: Deploy exploit protection mitigations across your organization keywords: Exploit protection, mitigations, import, export, configure, emet, convert, conversion, deploy, install description: Use Group Policy to deploy mitigations configuration. You can also convert an existing EMET configuration and import it as an Exploit protection configuration. search.product: eADQiWindows 10XVcnh @@ -14,62 +14,36 @@ ms.author: v-anbic ms.date: 04/30/2018 --- - - -# Import, export, and deploy Exploit protection configurations - +# Import, export, and deploy exploit protection configurations **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - - - - - Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). -Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are now included in Exploit protection. +Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are now included in exploit protection. You use the Windows Defender Security Center or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple machines on your network so they all have the same set of mitigation settings. -You can also convert and import an existing EMET configuration XML file into an Exploit protection configuration XML. +You can also convert and import an existing EMET configuration XML file into an exploit protection configuration XML. This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration. -The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit protection and then review the settings in the Windows Defender Security Center app, as described further in this topic. - - +The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into exploit protection and then review the settings in the Windows Defender Security Center app, as described further in this topic. ## Create and export a configuration file Before you export a configuration file, you need to ensure you have the correct settings. -You should first configure Exploit protection on a single, dedicated machine. See the [Customize Exploit protection](customize-exploit-protection.md) topic for descriptions about and instructions for configuring mitigations. - -When you have configured Exploit protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Defender Security Center app or PowerShell. - - +You should first configure exploit protection on a single, dedicated machine. See [Customize exploit protection](customize-exploit-protection.md) for descriptions about and instructions for configuring mitigations. +When you have configured exploit protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Defender Security Center app or PowerShell. ### Use the Windows Defender Security Center app to export a configuration file - 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**: @@ -83,7 +57,6 @@ When you have configured Exploit protection to your desired state (including bot >[!NOTE] >When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings. - ### Use PowerShell to export a configuration file 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** @@ -98,10 +71,9 @@ Change `filename` to any name or location of your choosing. > [!IMPORTANT] > When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration file. Ensure you place the file in a shared location. - ## Import a configuration file -You can import an Exploit protection configuration file that you've previously created. You can only use PowerShell to import the configuration file. +You can import an exploit protection configuration file that you've previously created. You can only use PowerShell to import the configuration file. After importing, the settings will be instantly applied and can be reviewed in the Windows Defender Security Center app. @@ -115,16 +87,16 @@ After importing, the settings will be instantly applied and can be reviewed in t Set-ProcessMitigation -PolicyFilePath filename.xml ``` -Change `filename` to the location and name of the Exploit protection XML file. +Change `filename` to the location and name of the exploit protection XML file. >[!IMPORTANT] > ->Ensure you import a configuration file that is created specifically for Exploit protection. You cannot directly import an EMET configuration file, you must convert it first. +>Ensure you import a configuration file that is created specifically for exploit protection. You cannot directly import an EMET configuration file, you must convert it first. -## Convert an EMET configuration file to an Exploit protection configuration file +## Convert an EMET configuration file to an exploit protection configuration file -You can convert an existing EMET configuration file to the new format used by Exploit protection. You must do this if you want to import an EMET configuration into Exploit protection in Windows 10. +You can convert an existing EMET configuration file to the new format used by exploit protection. You must do this if you want to import an EMET configuration into exploit protection in Windows 10. You can only do this conversion in PowerShell. @@ -185,6 +157,6 @@ You can use Group Policy to deploy the configuration you've created to multiple - [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Enable Exploit protection](enable-exploit-protection.md) -- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Enable exploit protection](enable-exploit-protection.md) +- [Configure and audit exploit protection mitigations](customize-exploit-protection.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md index a24d063a73..03dd9e1ec9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md @@ -14,11 +14,8 @@ ms.author: iawilt ms.date: 08/09/2018 --- - - # Memory integrity - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 65be3c2ceb..934d1154de 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Use Network protection to help prevent connections to bad sites +title: Use network protection to help prevent connections to bad sites description: Protect your network by preventing users from accessing known malicious and suspicious network addresses keywords: Network protection, exploits, malicious website, ip, domain, domains search.product: eADQiWindows 10XVcnh @@ -14,9 +14,7 @@ ms.author: v-anbic ms.date: 08/09/2018 --- - - -# Protect your network with Windows Defender Exploit Guard +# Protect your network **Applies to:** @@ -26,15 +24,12 @@ Network protection helps reduce the attack surface of your devices from Internet It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). -It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). - >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. - Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). -When Network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. +When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Network protection would impact your organization if it were enabled. @@ -47,10 +42,9 @@ Windows 10 version | Windows Defender Antivirus Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled -## Review Network protection events in Windows Event Viewer +## Review network protection events in Windows Event Viewer - -You can review the Windows event log to see events that are created when Network protection blocks (or audits) access to a malicious IP or domain: +You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain: 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine. @@ -64,20 +58,17 @@ You can review the Windows event log to see events that are created when Network 4. Click **OK**. -5. This will create a custom view that filters to only show the following events related to Network protection: +5. This will create a custom view that filters to only show the following events related to network protection: Event ID | Description -|- 5007 | Event when settings are changed -1125 | Event when Network protection fires in Audit-mode -1126 | Event when Network protection fires in Block-mode - - - +1125 | Event when network protection fires in audit mode +1126 | Event when network protection fires in block mode ## In this section Topic | Description ---|--- -[Evaluate Network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created. -[Enable Network protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage the Network protection feature in your network. +[Evaluate network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created. +[Enable network protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index dc50235f04..158a8a98ac 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,5 +1,5 @@ --- -title: Requirements and deployment planning guidelines for irtualization-based protection of code integrity (Windows 10) +title: Requirements and deployment planning guidelines for virtualization-based protection of code integrity (Windows 10) description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and the deployment of code integrity policies. keywords: virtualization, security, malware ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index a2e9bc9fb3..9c1b1a9259 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -1,5 +1,5 @@ --- -title: Troubleshoot problems with Attack surface reduction rules +title: Troubleshoot problems with attack surface reduction rules description: Check pre-requisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking search.product: eADQiWindows 10XVcnh @@ -14,23 +14,17 @@ ms.author: v-anbic ms.date: 05/17/2018 --- -# Troubleshoot Attack surface reduction rules +# Troubleshoot attack surface reduction rules **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - -- IT administrators - -When you use [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as: +When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as: - A rule blocks a file, process, or performs some other action that it should not (false positive) - A rule does not work as described, or does not block a file or process that it should (false negative) - - There are four steps to troubleshooting these problems: 1. Confirm that you have met all pre-requisites @@ -38,11 +32,9 @@ There are four steps to troubleshooting these problems: 3. Add exclusions for the specified rule (for false positives) 3. Submit support logs - - ## Confirm pre-requisites -Attack surface reduction (ASR) will only work on devices with the following conditions: +Attack surface reduction rules will only work on devices with the following conditions: >[!div class="checklist"] > - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update). @@ -50,47 +42,44 @@ Attack surface reduction (ASR) will only work on devices with the following cond > - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled. > - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). - If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode. ## Use audit mode to test the rule There are two ways that you can test if the rule is working. -You can use a pre-configured demo tool to confirm ASR is generally working on the device, or you can use audit mode, which enables the rule for reporting only. +You can use a pre-configured demo tool to confirm attack surface reduction rules are generally working on the device, or you can use audit mode, which enables rules for reporting only. -The demo tool uses pre-configured scenarios and processes, which can be useful to first see if the ASR feature as a whole is operating correctly. +The demo tool uses pre-configured scenarios and processes, which can be useful to first see if the attack surface reduction rule feature as a whole is operating correctly. If you encounter problems when running the demo tool, check that the device you are testing the tool on meets the [pre-requisites listed above](#confirm-pre-requisites). -You should follow the instructions in the section [Use the demo tool to see how ASR works](evaluate-attack-surface-reduction.md#use-the-demo-tool-to-see-how-attack-surface-reduction-works) to test the specific rule you are encountering problems with. +You should follow the instructions in the section [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md#use-the-demo-tool-to-see-how-attack-surface-reduction-works) to test the specific rule you are encountering problems with. >[!TIP] ->While the instructions for using the demo tool are intended for evaluating or seeing how ASR works, you can use it to test that the rule works on known scenarios that we have already extensively tested before we released the feature. +>While the instructions for using the demo tool are intended for evaluating or seeing how attack surface reduction rules work, you can use it to test that the rule works on known scenarios that we have already extensively tested before we released the feature. Audit mode allows the rule to report as if it actually blocked the file or process, but will still allow the file to run. -1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). +1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). 2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed). -3. [Review the ASR event logs](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. - +3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. >[!TIP] >Audit mode will stop the rule from blocking the file or process. > >If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled. > ->Audit mode may have been enabled for testing another feature in Windows Defender Exploit Guard, or by an automated PowerShell script, and may not have been disabled after the tests were completed. +>Audit mode may have been enabled for testing another feature, or by an automated PowerShell script, and may not have been disabled after the tests were completed. +If you've tested the rule with the demo tool and with audit mode, and attack surface reduction rules are working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation: -If you've tested the rule with the demo tool and with audit mode, and ASR is working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation: - -1. If the ASR rule is blocking something that it should not block (also known as a false positive), you can [first add an ASR exclusion](#add-exclusions-for-a-false-positive). -2. If the ASR rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data). +1. If the attack surface reduction rule is blocking something that it should not block (also known as a false positive), you can [first add an attack surface reduction rule exclusion](#add-exclusions-for-a-false-positive). +2. If the attack surface reduction rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data). ## Add exclusions for a false positive -You can add exclusions to ASR to prevent ASR rules from evaluating the excluded files or folders. +You can add exclusions to prevent attack surface reduction rules from evaluating the excluded files or folders. This is useful if you have enabled a rule, and it is blocking a file, process, or action that you believe it should not block. You can then collect data from an endpoint where the rule is not working correctly and send that information to us. @@ -101,12 +90,11 @@ To add an exclusion, see the [Customize Attack surface reduction](customize-atta > >This means any files or folders that are excluded will be excluded from all ASR rules. - If you have followed all previous troubleshooting steps, and you still have a problem (in particular, if you have a false positive), you should proceed to the next step to collect diagnostic information and send it to us. ## Collect diagnostic data -You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with ASR. +You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with attack surface reduction rules. When you fill out the submission form, you will be asked to specify whether it is a false negative or false positive. If you have an E5 subscription for Windows Defender Advanced Threat Protection, you can also [provide a link to the associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) (if there is one). @@ -115,14 +103,8 @@ You must also attach associated files in a .zip file (such as the file or execut Follow the link below for instructions on how to collect the .cab file: > [!div class="nextstepaction"] -> [Collect and submit diagnostic data Windows Defender Exploit Guard issues](collect-cab-files-exploit-guard-submission.md) - - - - - +> [Collect and submit diagnostic data](collect-cab-files-exploit-guard-submission.md) ## Related topics -- [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) -- [Attack surface reduction](attack-surface-reduction-exploit-guard.md) +- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index 28b500c5c9..bca7b82775 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -1,5 +1,5 @@ --- -title: Deploy Exploit protection mitigations across your organization +title: Deploy exploit protection mitigations across your organization keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install description: Remove unwanted Exploit protection mitigations. search.product: eADQiWindows 10XVcnh @@ -14,28 +14,13 @@ ms.author: v-anbic ms.date: 08/09/2018 --- - - -# Troubleshoot Exploit protection mitigations - +# Troubleshoot exploit protection mitigations **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - -When you create a set of Exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations. +When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations. You can manually remove unwanted mitigations in Windows Defender Security Center, or you can use the following process to remove all mitigations and then import a baseline configuration file instead. @@ -208,9 +193,9 @@ If you haven’t already, it's a good idea to download and use the [Windows Secu ## Related topics -- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) +- [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) -- [Evaluate Exploit protection](evaluate-exploit-protection.md) -- [Enable Exploit protection](enable-exploit-protection.md) -- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) -- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) +- [Evaluate exploit protection](evaluate-exploit-protection.md) +- [Enable exploit protection](enable-exploit-protection.md) +- [Configure and audit exploit protection mitigations](customize-exploit-protection.md) +- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md index 3019dd13f6..f2f8024158 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md @@ -14,14 +14,12 @@ ms.author: v-anbic ms.date: 08/09/2018 --- -# Troubleshoot Network protection +# Troubleshoot network protection **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - IT administrators When you use [Network protection](network-protection-exploit-guard.md) you may encounter issues, such as: @@ -29,8 +27,6 @@ When you use [Network protection](network-protection-exploit-guard.md) you may e - Network protection blocks a website that is safe (false positive) - Network protection fails to block a suspicious or known malicious website (false negative) - - There are four steps to troubleshooting these problems: 1. Confirm that you have met all pre-requisites @@ -38,19 +34,16 @@ There are four steps to troubleshooting these problems: 3. Add exclusions for the specified rule (for false positives) 3. Submit support logs - - ## Confirm pre-requisites -Windows Defender Exploit Guard will only work on devices with the following conditions: +Network protection will only work on devices with the following conditions: >[!div class="checklist"] > - Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update). > - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). > - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled. > - [Cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) is enabled. -> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable Network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection). - +> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection). If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode. @@ -58,33 +51,33 @@ If these pre-requisites have all been met, proceed to the next step to test the There are two ways that you can test if the feature is working - you can use a demo website, and you can use audit mode. -You can enable Network protection and then visit a website that we've created to demo the feature. The website will always be reported as blocked by Network protection. See the [evaluate Network protection](evaluate-network-protection.md) topic for instructions. +You can enable network protection and then visit a website that we've created to demo the feature. The website will always be reported as blocked by network protection. See [Evaluate network protection](evaluate-network-protection.md) for instructions. If you encounter problems when running the evaluation scenario, check that the device you are testing the tool on meets the [pre-requisites listed above](#confirm-pre-requisites). >[!TIP] ->While the instructions for using the demo website are intended for evaluating or seeing how Network protection works, you can use it to test that the feature is working properly and narrow down on the cause of the problem. +>While the instructions for using the demo website are intended for evaluating or seeing how network protection works, you can use it to test that the feature is working properly and narrow down on the cause of the problem. -You can also use audit mode and then attempt to visit the site or IP (IPv4) address you do or don't want to block. Audit mode lets Network protection report to the Windows event log as if it actually blocked the site or connection to an IP address, but will still allow the file to run. +You can also use audit mode and then attempt to visit the site or IP (IPv4) address you do or don't want to block. Audit mode lets network protection report to the Windows event log as if it actually blocked the site or connection to an IP address, but will still allow the file to run. -1. Enable audit mode for Network protection. Use Group Policy to set the rule to **Audit mode** as described in the [Enable Network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection). +1. Enable audit mode for network protection. Use Group Policy to set the rule to **Audit mode** as described in the [Enable network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection). 2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block). -3. [Review the Network protection event logs](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**. +3. [Review the network protection event logs](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**. >[!IMPORTANT] ->Audit mode will stop Network protection from blocking known malicious connections. +>Audit mode will stop network protection from blocking known malicious connections. > ->If Network protection is not blocking a connection that you are expecting it should block, first check if audit mode is enabled. +>If network protection is not blocking a connection that you are expecting it should block, first check if audit mode is enabled. > >Audit mode may have been enabled for testing another feature in Windows Defender Exploit Guard, or by an automated PowerShell script, and may not have been disabled after the tests were completed. -If you've tested the feature with the demo site and with audit mode, and Network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, proceed to the next section to report the site or IP address. +If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, proceed to the next section to report the site or IP address. ## Report a false positive or false negative -You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with Network protection. +You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with network protection. When you fill out the submission form, you will be asked to specify whether it is a false negative or false positive. If you have an E5 subscription for Windows Defender Advanced Threat Protection, you can also [provide a link to the associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) (if there is one). @@ -93,11 +86,6 @@ You can also attach a diagnostic .cab file to your submission if you wish (this > [!div class="nextstepaction"] > [Collect and submit diagnostic data Windows Defender Exploit Guard issues](collect-cab-files-exploit-guard-submission.md) - - - - - ## Related topics - [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 1613918bd9..faec33884b 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -14,20 +14,12 @@ ms.author: v-anbic ms.date: 08/09/2018 --- - - # Windows Defender Exploit Guard - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees. There are four features in Windows Defender EG: @@ -63,13 +55,12 @@ This section covers requirements for each feature in Windows Defender EG. |--------|---------| | ![not supported](./images/ball_empty.png) | Not supported | | ![supported](./images/ball_50.png) | Supported | -| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an Attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| - +| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | | Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | @@ -78,7 +69,7 @@ The following table lists which features in Windows Defender EG require enabling | Feature | Real-time protection | |-----------------| ------------------------------------ | | Exploit protection | No requirement | -| Attack surface reduction | Must be enabled | +| Attack surface reduction rules | Must be enabled | | Network protection | Must be enabled | | Controlled folder access | Must be enabled | @@ -87,8 +78,8 @@ The following table lists which features in Windows Defender EG require enabling Topic | Description ---|--- [Protect devices from exploits](exploit-protection-exploit-guard.md) | Exploit protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once. -[Reduce attack surfaces](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts. +[Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts. [Protect your network](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors. -[Protect important folders with Controlled folder access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data. +[Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data. From 73b8b21f60da027cedede846834fbeee6c15d6b1 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 18 Sep 2018 19:15:05 +0000 Subject: [PATCH 03/10] Fixed links. --- .../windows-defender-exploit-guard/troubleshoot-asr.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 9c1b1a9259..6e21dfdc0f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -54,7 +54,7 @@ The demo tool uses pre-configured scenarios and processes, which can be useful t If you encounter problems when running the demo tool, check that the device you are testing the tool on meets the [pre-requisites listed above](#confirm-pre-requisites). -You should follow the instructions in the section [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md#use-the-demo-tool-to-see-how-attack-surface-reduction-works) to test the specific rule you are encountering problems with. +Follow the instructions in [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md) to test the specific rule you are encountering problems with. >[!TIP] >While the instructions for using the demo tool are intended for evaluating or seeing how attack surface reduction rules work, you can use it to test that the rule works on known scenarios that we have already extensively tested before we released the feature. @@ -63,7 +63,7 @@ Audit mode allows the rule to report as if it actually blocked the file or proce 1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). 2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed). -3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. +3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. >[!TIP] >Audit mode will stop the rule from blocking the file or process. From 5ebb3a5975d462c988a57244f7607c0d2b618169 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 18 Sep 2018 19:15:22 +0000 Subject: [PATCH 04/10] Updated troubleshoot-asr.md --- .../windows-defender-exploit-guard/troubleshoot-asr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 6e21dfdc0f..847b1fa492 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 09/18/2018 --- # Troubleshoot attack surface reduction rules From 976033eb5de1654283fcb9e65893857dbde0bdc0 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 18 Sep 2018 19:16:54 +0000 Subject: [PATCH 05/10] Fixed link --- .../audit-windows-defender-exploit-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 93c4bdde11..e65385f3c5 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 08/08/2018 +ms.date: 09/18/2018 --- @@ -41,7 +41,7 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs) Audit options | How to enable audit mode | How to view events - | - | - Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer) -Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) +Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) From 10aa069a955ea541afd4eb0ea739b9583743ee87 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 18 Sep 2018 12:23:15 -0700 Subject: [PATCH 06/10] edits --- .../interactive-logon-machine-inactivity-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index eec6a03a0a..80ac149b39 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -26,7 +26,7 @@ Beginning with Windows Server 2012 and Windows 8, Windows detects user-input ina The automatic lock of the device is set in elapsed seconds of inactivity, which can range from zero (0) to 599,940 seconds (166.65 hours). -If no value (blank) or zero (0) is present in the **Machine will be locked after** input field, then the policy setting is disabled and no action is taken on user-input inactivity for the session. +If **Machine will be locked after** is set to zero (0) or has no value (blank), the policy setting is disabled and a user sign-in session is never locked after any inactivity. ### Best practices From 0ba0684e49191391ec94a39422e5b87c8b2f7c25 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 18 Sep 2018 12:25:23 -0700 Subject: [PATCH 07/10] date --- .../interactive-logon-machine-inactivity-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index 80ac149b39..fa9637e81f 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 09/18/2018 --- # Interactive logon: Machine inactivity limit From 9940e15f311fb41b3e4bbc5d919988a98ed6d293 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 18 Sep 2018 20:06:16 +0000 Subject: [PATCH 08/10] Fixed link. --- .../audit-windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index e65385f3c5..57927f648c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -41,7 +41,7 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs) Audit options | How to enable audit mode | How to view events - | - | - Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer) -Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) +Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md) Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) From fa992360f2216d7d47d395d10bbd9d87adda8b6c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 18 Sep 2018 15:08:42 -0700 Subject: [PATCH 09/10] update mcas adv settings --- ...d-features-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 28bcbdb441..5fe6b6092f 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -81,7 +81,10 @@ When you enable this feature, you'll be able to incorporate data from Office 365 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). ## Microsoft Cloud App Security -Enabling this setting forwards Windows Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. +Enabling this setting forwards Windows Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. + +>[!NOTE] +>This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. ## Azure information protection Turning this setting on forwards signals to Azure Information Protection, giving data owners and administrators visibility into protected data on onboarded machines and machine risk ratings. From b6647aea27eb1747f42e352e163b6bc859e5fe00 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 18 Sep 2018 15:13:21 -0700 Subject: [PATCH 10/10] add note to conceptual mcas integration topic --- .../microsoft-cloud-app-security-integration.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md index 4b4962140d..51dfb9bf97 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/03/2018 +ms.date: 09/18/2018 --- # Microsoft Cloud App Security integration overview @@ -21,6 +21,9 @@ ms.date: 09/03/2018 Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that gives visibility into cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. For more information, see [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security). +>[!NOTE] +>This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. + ## Windows Defender ATP and Cloud App Security integration Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Windows Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.