From 451f1109a41731b78a5a0f15a3c55acf9044ebbb Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 24 Aug 2020 11:27:34 -0700 Subject: [PATCH 01/69] acrolinx and new section --- .../images/analysis-results-nothing500.png | Bin 0 -> 28058 bytes .../images/atp-download-file-reason400.png | Bin 0 -> 18534 bytes .../images/atp-stop-quarantine400.png | Bin 0 -> 33150 bytes .../images/atp-stopnquarantine-file400.png | Bin 0 -> 21044 bytes .../respond-file-alerts.md | 87 ++++++++++-------- 5 files changed, 47 insertions(+), 40 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/analysis-results-nothing500.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/atp-download-file-reason400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/atp-stopnquarantine-file400.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/analysis-results-nothing500.png b/windows/security/threat-protection/microsoft-defender-atp/images/analysis-results-nothing500.png new file mode 100644 index 0000000000000000000000000000000000000000..65918144227d37a69fd7bdf29a4e2de4787273e5 GIT binary patch literal 28058 zcmbT7Ra9KT(x^$W1Wh2gg)`J0FnDgxS?gcx z-v9AF?Cz@G-CYmed#|s%s=`&3WiZi*(GU<2Fy&;W)DaNg-29Ut-=X{~HOm^5|5a~X z)MX?PD#u9=|0zfo;!5HO2sN?j&&J6A^!JXk+AatPSbhI_-Xt+%ksu)0vC2t_13e8+ zS5bdt%J|;DoUfgo-mZDWvcTtK3AQ7v&BMs1vTxr9i%I;TX0<|keIKCuwr^u?hqg?& zV_tAItCCm$yknlZ=`_p2!92r6mjh*c8_vFUcX&O@Ir03xakLuXETkY~=&wZcP4~Xg@koVaSo3TzU#VIeXn|IE{sF~Ri8)G{7Z+E}v z5yOkViNCRAB??abx}JCYGQuOG45mU41vy>@k_v8EzNQ)zvoa2)kibXsM2jO{B@8ar z87q_grkLk}Hxnz^`_Jfq2Q2!7T!sFJ_TDlvkg$ItsR;f>#+5=d}Gq@$h?+ucVRh4 zlRF$@_?nZOn-`I8`owP_(jD0HdIC1bMyynw-tHChepJHk(BzvV{JrjTC!$fIBli-n zAIv(Qf8xqM=4OsTk{@lVByw|OG!6tOhztW)u7Hh}E1 zx594%+jO^ER~jkgO$-0HL+<@^`x|CzD4lkPU&B-Lc98xCuIy|4wcb}DmE%&@Izax) zNah~<-Ra^`e*#0ojK!30`b2*%Y33U_VCJ%ly%%EzE}#&F-_veTd6>jIO_VNh##=cd zF{9Va2xID1V}QwEhjgX)VI}g0zhDZESM#)?o%wNUmelj7KEYCI7gySwL~N%{$rB$Z zx}pYOvr(nun;Ve`mQU)_JOe8ypIpy=y|`Bt?aMabj`*C`!BxF?v=!+YFV0xD$6jOz zU4O>oZ1#V26Y)wqEi4*vbe#7CFGKlsSLEk1wFx_1`HDv~g_;uq1oC0o+!^^VRg)|0 zmBm$THp(Fa=TxLZPFPhJuB4~P7>~57+Q7<67Y2SAEF-wHqtUsaj&u}tu)w>h92xId zT~Z-kG1p-xiRX4<$cvI>#ciKmd#Fl!`N-5FB7e@9}sF|*GyZaXw7l999+*`(j({H$@ey8>`N*tiH;rVAd$SKroq=sy0CKXhhtes~{wAiv21wWAW}##)^I+bmqEI^7er@T+fvxcD*%t-(!CUq$@u=tnzW% zD|0gybES?lF>v_1o`Lk-N;R^kB$3@XJ6hzE*TqyDpZAGSZ%{>jte49~LF@;dt+A^I z`ulIiwN|G>F`3N9mjk=yZMQ5vO1?nXsA_nUe!2fmovlvkTMc7$m{)%}_+aLqYj^6b zeSo}4Ud7qx9ikoc^SsKs(dN}Isppmq=@Oi);m%SbG-5FYFp_3k5~f|9Hkmzh!g_RP zTTW$uhm+v5?0Kj~Q^Y{Hw5{=B#XCDQ{fz{UMGc>D>b?PAupr4x&jB-EPf|9Eax#3< z)rwW}&5#*Q@U)J5Kx6zHgH^x47KP*w8xC|L(l1`e(Uxj$%6?XYEkojFBq?=^i#UhX;J zQS|R872A!9;(BZ;Xi6z}aQbgQK#h3$UU+I(jeAQqGf-*jzT3YQ5iusbIlnR7N?9K{ z`OR*?4_@KiZ$d{?C}`+-o6#HIDFOr=k|th(AoM2(FH|A6 z&+0|X1paugRkebr_k@@XB9Ax+vmzoFR9v&6Q}NqT>r5mBY5jduY248cD? zL%wa5-4*SQ+=OB&%d4DF8}If?JuLJ4?(uEo(lRxAG%yLB9H|px8r6J8u&Q8k?V6DssNt==iLFN?Dn?PqhE4FZaTXJh{-R`xqhS&Z$ zI$~C}+!Ij|TPIYSQnJPu(fUjNo#AUJt9twSH?*aYRo!+vNdynyJ=Xh^MnPb@(DkR3 zk?^&VpRf-@B^pI#uh(3rvV4>x0!h5mD9gk26^DIh4Q%Evn`ETWWTNn#wy>|FtUe&b z*-fB7CeP^jyR&9<7WkSsYj4p$pZ?7L;x-7JGzMd<+agt z5(l%jb}!pjb9C+`GU~$Oxau1N2^44ka8hZ@u->=swNoHyzxsRu8J|f@ zprZi3ft&DK(gtwfuj2m)+y9b**UlTmFpGlyHRyQ)JLj|O?aP7y+M@pk6NF^0=CHfX zQphiOyJTWx5;dNjU~_FE^IIfg?YG3Ul5Ief-RARDZ)Tg8+)Dmf>b2o^xTZ3@w|K3$ zzLKM-P{6AnbxD8oy0ns_Y?eVT)4~P9u8iT1#d0ik*q?jz@;%al>*&%wq3?dqPMZGy z<>fUc6U(oy#6k8@n(eCT%wNPs&a-0H>KJ|j@ksoSUW`o%>BD*(|2F^S8}{5T7PDVzEV2q9a!`xd@=z{U#P!FS5X8$-BF(i2ltma?e-nF z*Y9Is`#g{o7L9J%#5&~NIE(l~DH|U;yFT~KO35jqQi@C8K)W5C2LW7<6&rxal6CRR zSh+6?bD_d~N!m4e&?XT>GEEsz36#tD_l2dlXEpciyn@-2&8}OLzH$aNX`AU9_FBnu z7Gvft8m@J>jbnYqq(e2ix}Lq$Yf=AQWV zbtXfYQ}p4aH=2~S(eWwzTF7OiXNZhR`!7O3C&k57z(1H&tj{x~$u-1I!Hsl7%Nj>7 zh`kH=O&5>8{EN)tv><5x=g3btYx&c`QgG$88=gd1Y+}@|UkC6r{PwngAD3j5yLDYS z)du(het8*h^p7(AssA^7PE3k!)~`!@#JucHY`mr-J$ZgSVYHK>48He`XYC(D&}fUS zqB!t=;$8BOvLD0RsB8(yrvHbn6x{C*{)4s{pVyrU{t4gT{g3`e{~cv;>YM*<=>LUW zvA3=NSePC0;H>>xc|HIURVeY_B*FKEi>+>DH~$6UwEyWNEB0Rl2>)LO{@37(cx2a- zkzKD_KfUvo?2*Hp_Ew&yN9EgzqPu-({q@GKByZ7qXRNLa_(TbI3JRQuLhW(&;n3^F zulU;k5$reVR8o~_u_f8odHuBECYt`7zSpyP|897r>fz6H$=!DI_|tKE>5Ctb|9)Ao zqpHDYa(Jn#ZSHw$IHwH*IzO+cX}RydN(bK@p1qy(m1s|~!8*Xo_&L0#r<~0vxnDiR zIp51O9yvkYbM+=E-MlnS6FUpUn?hFCUzuc9j?c*Qgj6MZEd;=th@kjwPqYMk^uqTR1<0Ibssyk}`HzIs@K03Oud3K*%Nu5a|4zW&{pCo7T~aIyc4r3x7; z@Ug1v@kOZvlycv%@I=_)+uQ+5&MvVr8|K{I8Qy)1GN63)<`i1 zg73hU7-6R@GiO8Kd)3-CzF{a6x^3AOz@(ALCwIpS+qBkLm|_ZIqV{eQ1Dwua zxwjN5y*9C9gw87ZBIH1}@=e=Y)Z5ToncH534|izUmEaWb;ilO{tI3+ZQv@6$9kQyxgu9(u;jT!F+rd0m z?{?eb&>H{xW+^>`h&-dPqakfAz$r@H$yUE9DvxpSVRJ?X_N-$7zVccMwOjF=FPUsB zCOja^E$Yn9dk<18{jt8hCZXURDzJ92oaCS)$xamloU7~%=!dXtjnR78fK94X9tXaU zW^bGUqvIs2L`I6B_$LfX9Tm*8y!9sDnydL0Gb>su9_L|CLYX|AV@jAe(Uxz9`xlI` zZ2Lb+%Y6Rm1f^2Roktd+aEvU@J>YcZcm%j+Tj%Hiyww zFmKve6tsQj=u?JOlvAXa2YHQ-$dUvpv=DOK;`{+1>f4cp0li}5DZBz^t%q63?=~g9iX<71F~q`ZNJu~; z(1)1}K?tL8w~hA%8;_N-vuiMI(wW+|tEppdUG(1FnIR;XnE~_mRtY0kx%6S_p^U2q zZe{Fg)R%RRbxiGU%4L%>K97cA$E?KF=mybWI<&S?H*bb(zRht{ZzE^uk{&xE7C1aU zFK#OtBr~eNa^BlPPPW&Jv2l&7ykjZn5zKO-c{C_5N8fS8+)+|w(s)x+#UUo&i`S#utmSB|h=_{~ITK3#8$FsIfa*PKmx-mGZK=zbgP&}LYGH=6Srr%Yl-U;J|BEFH0GKpd~ehycD&U*5@tpr*IxJ1 zH1Xsl10+u#wPvpp)~wmZ>qN3vYhGV)wyY|ef0wFo4K{TJI7of2>Zm6Bn`(*1vKRkp zzxOQvJI9OkP(_-_X1OYK`1nt1My1a3{!seqgo^(KE&X9Y=6Dt5a9ajC9^wIQ1|Jv_ zf)|OuQIxGut}m_D#W;Giy)ZBbjvLGH0@$=bw(U>ur8qI7P{)3Y`6Dd*bgT z7!&8nWJ(K-oZ#5JD5!Ww5)P=V;ep|BGRlE?7&cr%Q#SKcI__AyVxLN4NvS@6l>*J0 zy3T?=CW)l9&d^ogBeUf#F}?o>gf&K6S4AViv`~4M`t(|H!%VVWS1k#mPG|Am(0FJ* zdN8#a?v{m7epk2)jW3h-hu)UVkzmO8JQXv(2a7AV$3s5fO%8PYaq%kkwF+WG%z{oN zT@pUEX{F4rpS}BK;qNXf_YdCZn>>5D8)D^+`(>{>1@wJItx!AXFhs#S z(|6dE`wQ=JEG({j64$BNZRq3k@{T&I)t%`>f9zneocrO~STe+ntHWHlH@O$(+=-8EKv{BC-?HV87< z`yW0Xg<7o)A3L;*OF5(M5=@w0Uga6;=O|b4F{otseLRUw8TnJQ`otcB0swe^^fuzU z#iJ>l$d>VT`xqd14Knx%dHOS?E11)#$;?}JRmq774Uwln1(DOC-d$fE%18A!oV2Qb z%d85|Y;|(AYssu2@3(+Pa>BkR_&lZEs1&iBbFtvrP3-?-ckpX$J;QQ_pMIYel;sx6 zOa+$_P4<7_o0GC%Md-XU7|(Q|>TU|6i-9E)9p)F-BeRCKS`3G#=45SjR=J=0$Nvic z#Imbz{5sqpjQR*QaOAW=YtyQ6<+*(*ndO%OBzVN9-oH~OW9}K8A5I&&WlB%UyXukC zwIdQvM#y|A(h5>Pgs_@wNHc}Tra+!5VwaTB59w0E$<>m zJr?7Tok#*6yx=vo-XoSocg2nOU$znTU6 zX7p>X;4eM-m)zDKzdm%W-kmO2y)eTkgZZC#3p_a0JwseTWY9~&)r2{4)>2vZAI0Pf zy@7OdbV#K=9g|Re5u?Tj;$P!S+>BwDpa8Lk?+v%xiPK>bDs(jb@rCzNI6&kA?izgt zeuzs-wdbym#6ii!Fy5T)V$T(xO&HdVJB12vMyf>MBSGOEe-;|d2Y?Ira$gB&d?uub>Scuo|SsFTX178Z|s&|$v96pp2DZHlqw_G63tmt0wX$urACKh znF^t#{_QL@8&NZQ~k;j)j)DbOj}oWcVH$dc?GIPm+`^t8hP zpcDH!5nB6rnNjLEA|xxVY{!^II9q zcQ%?;X4}bQu6Q1C3HY+U+QI@!9stO-cAW`L8Ns-z9vLkUOGwnLD^B9oEP#mKCueW_?g+KeF+35Z(Lw&%(I2h-h2uXpj~WsA}gD7=%3Ke zSDw^O+W&cvx>?@9kl;BHTS|S8EV7J zi{+LBgFbZyg$(cn-a^Hp73Jep^z89F^;~WakiEQ;axC5*wHaP9g~1QfK@qvujUz>8 zrb+&q#6Z?|C&$)jh5+M_OxYPq3fkNim`9z?r6?V4fqPJAYZ9G<q6{Sx%~G&6 zSzf0BQwD{Kk_`z=Slny?wGBR_l_hD@cGM4Feusf(E+_qA`FdH4TgFWY*y_^@3>utL z_Wz5d#xPbRcgS#hDTRzNGX))PXo8Xk-y_TuPU>UaxKGcBD(hMEQ6=KzoKSs&HI-#F z2GGMYvr`WW^NNysYDY$Of5oKCC28C+e1L-WmAoNc0&qj0Aa>hC{5lfd2<;~7k-M@n?7 z|LPkWHq~1buyk11yQ1pqz?ergz0SO52W+?PP{l^||!_ z%)mS5#i7{PS1vOs;ui423W7aQPmJ}jv-d{`I?#;H{iz7#RjcM%)c+iy09T9(zY(gK|i5rW?72*7`Ry<)|moT|L)7?A_U zHF>u*vIaHnFL^h@2z}lXQBeHO*HHnhY}~0og@@&oRjSaE@Yn&9z85a(;L&u6p|o9F zovB8brsKov-fQlD3FJO@FzSbT6|!o{&!q9bSLkpOP(m@Bc9Z<24=JgHq}|uc;&9-* z^tQScN~vh}y^3!x9HUvPA9k!*Qc~&d#%^kQ%j<~EO`o$IGl=5M+~}$A7Up$E&`T1d z;5{?|rjv;(lb1cR3L1U2hHVvmr-#P!W7E66J9J+RuYe{YZ=1xe1% z@&dHAWKR;PeYWeg8$QSEeQc9=NP9BPXM`FPr;$SL3W&cRiBkAey&%pwpq9-sO8=Fz zU*U*ddVag~NLsFj87vmm%305GqFjx2et2-M9NGI_JvxRM8p(=VZyDpA9qa$~a>}Y) zuPMH0gurxmxN{_ilPz4O!cf9XjY`B%9OD)fhj@EzH(x&e2#uYHpygV!>W%^@OIfkJ zHJNwi_sZgthzo_9;2x}XBdcAVAWdxfbFV2r_xgr`=E%fGm}fg;&};`d=tyf+ZEVZx z>`5(a5GFK#N0iQ%vv5JkW8WFTPZVz5VvU{=Vnuvq`f^2s)P78S2=XnQd5Zf*Jjw+7 zx?F9K_&$Jk;GG350R#4Va{JtZx~nxUunB zH8J&6Uf8V$`5&yJcF3UbOBRE}zI`)#6-0#g#6S_sAu7P5d^MdBev?sH*AbG~qBJ9j zyCwX8-LsvKaZSsZDiEOjWvc}`AdS3BawC(Hmc}8*A6}SblcYj~s$hg zmz22tSP1?qje-K&Js7NBtOUDL)&R!}6|*Y=|!}!67I! zvkPHXCSm`4qPA`4Jn(%>olOc2VL|@_%(gX(<@?W+@lH{$O{Mr3NODBl!Ke?-Gs6GQ zehl{?IXG~wG=<}8=nJeJN7JzmB33z+?euX2KGxhrBRE#prS*f3qJwGTvIyl2E$XZl zQ)Nen^Y0r{E)2VVes)V7AC}cjT6O(a&~ZD*TgAC?M8}rGn8Vu zazl@~W*r*fpl8p|Hm*=eP2zj%kKKQ$?1Ot0~ZgLNXT37ZdWOHC#*(p>f+9P{!M zaaq4NKA2GX5(1vk0KB`U453RMv%GwYhT7yWesWTwPl;LF=ubNcJf=usm#!mycxi}r z2->fJqo~ZAMxH57p?)S<+wEm-%Q}smyb|D{inx*o5xthv3F_@ITTC2HIdFI@!&Eqy zEm=L``gy*y?88U$ifK{BDC>GJ6Dnb5(1H&RXd~+jp8(pmY!%vGyjF;yOmsVAh>#<@9GHi_WHF8U@)DV~RMgh5f&O(hS3Pcq!J zp`gW!_u-Vnv|_ulfK|;IOeIRc)wv4YD&bsz(t%b6K5z|I+3IkDTN9fhNROiAnRlJ~ zwbG7SX&#RvV&rf`ev=(cI>Ro9ulRJ?`-PZ;`-{99_M#eM8q_q4tY8(ofk2(7)m_J zUEZ?6_47)%o3Kr;un5T9kTZuF3pPwxf>!Nj>oL8OU;I*01R-_@*NQLXEqYP082^y# zp0TTo{M0VL!K07!c52e^3vk}aH^`VgL`Wd#mQJ%agSk=$E}$$yW**`vrNt*e-^Rq#Uo^Dx}(&H7Pqn?gda=9ubMo zAqB1bL8x5Q3l*lo*#^(zwe?vo3Vs?Tu33BzGjQy0GYT3}xJQ}cTI`5`qP^N_=s5hJ zi)1NfP?=mnUd{@+pP%1VxAL{xG~KQ?C(>;-`^T$D0cjd|(Ia1;Ok2j%bBEhMWJOI= z!VX?4m`mW%>2JPSugebv4z?E6g-1mI@k|68DAdF}_)ESDIRy?G3Vyqul=(DyN_%(K za^r4(cbw@?60JG>N6!a+1MyX7Wk1qB!ze!Q-Eq>pb%YFUO^9C?(?c;gb` z4@>z|-L7^mX_08Y>3GoZo;SLoVwwzH>Tw>$V*Qf;W%kzQOV>rmbx);lO+$HDj_3nd zlIGE&oz3&=+t#tdx8P{O+weK zcncu0zji6&B~)xoI1?U6BK3`ou$vAW)e@WS+$plj65Qe!0V=KokNes&nZC-S-4V=r z{K+*XZ(eCe@2&|rksdT##O?2W4>XP=V-){W=r}Ja}H;6-8q);b1REThx&R# z)j{Y*NwXf&@i&8sthZxD(n(p06lPXuX zzl3y1yvsh?{vAH^3vd5pd}G{a3RV=|%4!*I5ebu-!>r9(Zh%wBs_- z8O8X8JOj;1Ao*6d#@0GP^-V`oT zhFGvu1Y?i^(|DMZVP5dY)XYt(w3fAeyR}7&WmWs{ZqpP?Tc%z{XO_+&5UFU^VA35+KH}-g zf_G}jqkudMZ=48Y%*-IROUnk%crJCi%Uyy;QPT7E{yT*dwd@5#hD4hiz{b+Z9a3}=IsJX8?wDl8x1sPnpjn;-mT2ijVjqs9h$-1hf ztc~t<)E;$s9gcM|Ah0&lz4}DxiehwXO~*x_z7+GOR^qnZ?S^f)zaf~$qO^UcbI6ts zzVMM{&+zvSo}A&OHp>nuzNEN-gJ4qEFQUK#m}XZ=&1AcQLTX6LYsQjho{?J~a5^eF;zkO4Bha@W)JB7m_!M#!Pccw2<$1EdMk zaUD5SDMx8Z`1>re;GECuxZ75TL_67S4!!KNqgF6MOU8+UdGgIy-}~-F3wl;&8cLft zekf#EFc(2@RsHQ+oYs$f?q_WSjAPtf#+=0cEBdNKN`8@G zD%7;=* zsvO)JQh+o)qtP?{t*piMk&WNW>xlfCieBRh6r9M&k4$JP!S83pi$~MYH&BW>nBN-I94tG2vaTWrVjjB{W?HBY5ld3RU5%c-gAN$)YLD;E z$K`kgT-3J&KYDEgvjRuc0porN!6+7)-@l7|n{8|&^8?7UbAK&r1*24RUhG)Izn(6_WIgyL30kTz; zcjSHwtD)S4fkFHoe?dp-M}O!~KGQGsxm2Cdvhf7%XjR0xs(S7rS-7yU9bxqAW%OR6 z!+s@Y4&o&bn7N1y0)-1<3L$;mqtUl8uom>AcQ$Sb%cS+KsfI*wn=N)jQjNo3tE6OW zxC+KLCKah5IJ+lZApdPv`^9wGfn;KCSHL#i_>_>TMe26+&h%(a0pSi8Rxvpaq`f^u3$5uufbeUq94@#y^+ zI#Gq-@xvg!!QUJ#id3}uJ?jtdWu^ycW37um;AI{h+tZt<&KZ;1XxEFmeo|T`(_fGu zKm&u}lW32tG}JSfzcHMqYhZlyZ%{M~q_TbqRa<;)p~mP}7gPv+o7kKZ+y!o@>!e+x z`v5Kwy-s1W=q)Az{C}cLX|rS8 z#(L^pV=0q@qw~U@LP(BF&r{DXxga6p!>!9+JKdq$aioEUKjPy9+=oG*bJ&z>t!M1Y z)9{q-j$N_WMZbjOUGLRd4@ta5d`VTub2L6vbHgA&hN?RbOweeoj}_&AryUq*QC0tQ zgQ%^CfrVZ6*TeXqBhog@WZKqZ#tz%@Z>u5;Btio>O(^H)#@zZZl*7S(_f(|{=3&>y)UhuL%vL**<-mt$a4^k<^m<6Aa%zM zHf4|I$cqu?u=;*o0f)%95kzX1LqA)zd5^P{pc(C&ul)TZX{%jFipb+mF4EWRm6<$^ z)`}wIghc1^_XV4Su~ZTihYXG5;S_<|r%nqfnkF)}Zhp5nNS26Zct&Op5_&%1nPZvj zoH{r2G$Jfn?fE6Jx4L}RyQl*pHsv2(^&x?;xzT|m_w`YdEC@i=9lL9GLY_~w=?dtC zX{lys!(%>o0p^*4oU8J8?<2l%_SiPsY7OpOOuCloW?771ZoA$oag>6al9*?D-C9YN z13}mhddRCi5on`FkK?P=KLzK$$NdX<$t%Vpf4z|`HxxQQ_4qj2yXuOGd^y>OswF_D z#?3;<=X1rDh-(ToD5vJ?$!J|;mxpGgrV#(x_`^nkcGR*9z`i(G)opP;qdx7Rin?n| zC}2?HP3lAl%C6~Dz9Jp~P39E(R_7G6hlQ&%OP0vp;-DW=|(CCURyJO3Tm1<0t#n$;4Oz8 zvRQSR-e+xDXYGK@HQ&CMx;_Jtm8Ppw7vtQzK_s&~J+|l#;W2;-Do#9XiY+STK8Zkf z{+eoHt%bZF`7gl2vPwijPMm%So%b>=^xR?>3L6Ds&ccpfg-Wk1ddjb^Bt90UuyQzD zORjkQ)#wSVjPWuu8m}#4(yfbU3mOwbA)sn|)N zwSq~fDfW^3j8AJV#nvbW7ip>kI^TK8ap$B9fWoxdfPX*=E&l2!QN+<2v zc_8P)a-hf2TM*oK!0-ib0blzQ-hoO)$~gm5R~#x*K>A)~x*U}Ah0_>(K@!d5b9N96 zDl!k`CvgCpGetYw-F%IfhjztI2?KA7tS7W^q3zf=_1hW0`cDdt47_)Py?tUDLq;;& z9K-MNnl3IHRXADKQa0b8Y7;9eNQqWFML60_7VXEi3jbBq1Ay7YZBB%3p zUN82ML|?XJ&e?`F>H30rKM)J8o$*Rhv1CZSaXel4sLlwPt_B-1U!=GFvY3lLjTc=^ zDM$YBWgHY>lg@r9*?d|l^UkS$BQb95`CFuR-Pc~S>iX{Cw?Qv3U!h!LKXYg{DW&-? z_^k5<1MZd5Z7RVRygh_-8s#Vgk;KD?7LoA?6vZUPrjuPQY z(OacYAZQ7nJqLRp19RjW#lB+|+7fP5TE_|^lU|W;FDD3j6_vs(s>Y`_Teo**NaLPztU{32H3ThfDiJ8xH)&ye*@OLeA1LE7bf&1aW zfTF=(*7K|Gd1sF3-;u8EO62oro_k&|NVfG`kF~#ShWA&7bzD@_!t)aclK$riwAV;V zG%2MNv0E`pWyM|3+jf02St&e(qpqsi#qf~uJggWzpz~7)`~yL`c|l~~{U;P+;_7C` zJWQd-`wAUfuImvYA-Pj5FPqR#%bxYMQ3n9;j2*^C+-vnt!>x_CQyS3#+#$%< zl@oVCXy17)@_KUZ-bi27GPlG4-4k$oL<;^pm%#%i|2wPEazX5MQr8pLNHQzs`KVm+P1;!v>MRP9_ac!x z-db>L;~Pq2+m=%U5xA!Rgs=jz3Up}0Qq)b}cd9#Y3}g=d#<=ftGO3-AVBz%I_kORk zD{;53o~sM6SHI4F?tA=M_q=WJMc4NfO&7+^0YS6SBU#yLS{YheE_MfnWOjy25w*5V zThek*D}V;hZ{w2)0{o=m9YskC)umtU+bl@@A9nqXl#Xti-%2}BC`umrsli_gp}&fm zB+o+5{}f8X-e}5rsJ6Gu$qwyxhLUfN7(Sp_L3z2$15bk)(A{B2S6A-MgLW$8dILe& z{vlnjNBh7Fx2b}_U+x`ank01R-6PAfC&&t(JDmOl^W-f6GVe$7nFGYF`;`I@)#fKq zD_w*0R^ir(@pIjLwYgWZ1{3>%FRaB9ajew9)rP%gHDJYM9{;Tn71EKfq}Ja0H#vQ5 z1&(}rLGQpHG$di_4PIu7I8Cch9}J(jG}BUW3eOCaD3+S9de41IHW^s6a#|_sIi8fs zIFS3(}CC6XO#)`ghB13UV>o&?AdmkOiU`>SiUhto1*m7t?XtJ@BqjW~nVNGSPS zBgkt{{b>#bdFE_vQq0Z4MiA(N7(}(;c`WR6Hqq5*SN8qm2Jg#HaaIotsTUBu=I#VB z8qyV0;D)>63ui`Z^Y1#}Ca;%ya<1p$IuB;REr5<<-`=%UY6+&h!i?{4NEtWx?6besB(fOy`@+|m9F6D~i?sJ7%;%OAhKHrzaOb6Fvys<5Xx zA^I%96-5vGGdsP$&MPk)N3phclnxP^yc#iKZ_BZ}z#^-2@C)7*r#j)gdBt9Nbeq3V zZaY#79>g)D*f{A|n03WscX;K14O{O$?=q+-ms1JTB88$|K{ox6q>2)4N%x=oNBG|6 zrwP&}-bHW%d2SOj8wh(Z%%$C&&ble`w+eu3$REkbe~cX&g@%3}{8_1QE5l0Bj z+G5Yo&&!BEnfKArK@7B+!YQTkK6Plf3n|=+O*j_0EC_Qf!MerjO9W~92g=aKzS)|5 zlK%TaV^nVUV5rX3!v?XR+H{g(z0~uuOa%a3RXlpei>gm%H@>E$7fuR82x|43nJfzl zagasY4AA*KD~-lEvmp8{KQU+=HiLp*+EK|FC!#AGMi)!%$Q?JRc>38eK*F1iB#=u@WnzUN7E~*PpQnJ zEoB*m&Az|jB(ICQ0N#&23((vpQ^vCv=gA1V;ZG~-_y5_y;-TZB4U@@+{y0D zoyM)2&XA95BB*&!e=|$qBzOBtP^B+Z{!~YTD93J0syTRz7NIKKs;FTW?DW`&3`bx; z;sB^E%WAqHZld$lI(IXn=%CS;TGO)dlZm=fg!cEB=}v`HvPBeGb(0FZyzlzsnUJ9V zPF*;0q0jOJnm?k51xjj*Y*Em3DxywFjxk`;s6$H_S;hONr_S_qKXzJxuYZ7<$R;&4%@*&H@?$F|QrQb1kjl7!Yw?pFpZL>n>Jbgr5{AFjyLP>!>bn5+ z4H3ULuAn6L11{+2Y-wwgFMHi0dsSM+#9cgS5e!1+)OZdcwLz#s+nQ*El%b$GCRtxu zJzf7Gl-z)~2yd5Z!BOx%C3O1s{TJZvRzboRFkmu1IZN3az#md=ww1{|OI$aEkqHby zFzG2qtk-z3>R9gcY>2k*KX{Q02X>gY_5RKW)eW^drVD`P_RUJOI~cM%yEpkz7=~K( zl(in^r+eu5k^oYDncSlaF=oSO-@s5FYooWGZeil-qAE{6UgM^&ZX z0B*}!ZsjmEwT7Uqh|IcKc=JNFG4l2IpU!8a+9-+)ldSp!MytqZBS*5S9Z{bFjQud* z!XoO#bn>!05@j7djJ3oLy+4foyh7Rk@@t(RMv0{LI-yZTanNx&n-iIkZ;ppsUIJhy zhK~0PY2btzQ^y56sevL~V-g@{5RDXa=_9O2)0|ZzDco_(WY%faE|ayK+I$hytPjc5 z4a~{NECG{q?}7Q2L_-NbmL5@=#(7^brKDg-CNt+>ZLwSHde6G4XznhGl`o~Zx2N_2 zpDSLtVh>gvT5PCF``;1S0mnP;Y)V=J1@j^s8X*G(=i#R^xj!;Q=l*w3!@ z!I-i-Yg%a-C>b+1YHtWkXF(_7t#BR8vdQb%eU*U=-dw)Y;!)Gp-0&L3>itn-H}ia!&Y$XzQ)tphMJ4cy)#hzppI?ec2hEpz>3cZkSDhZ~f)$@xNWOetg{i(=|0XWnQ(K|>zT$J1&8EoF0jhq(kQCBv|0stF-^|M|J@0v7%W7AcX~Y# zGfqwlwaCf`w{za5`zw}j_hRUR92nK5J=-+gN09Uj0Mz}8{&}Dt!5xD=!J3@U*m5Fd+=NIW&UXT87OX!_9#sSOHlFsV7*^6EM1QAQt!dUJhI27+c zS@(TaZF>$af+eFn`a(+fQ+Ou%&-}iX!F$=_KBK;w0*R4SpQ9WNQR&tMWX+#Gs|B$5 zJ@ny55#@(tr*0iwZr>>J$%aK2^897mM^_*uCZcs&LwmdadKmJbxhv=0Fqvl5(<8Yp z@jYx;rQVs6G9H?*w)4g4F;LR;rvutzjA{>uQd0to+5%huPi@~B)npf?`}y%97C;dZ zkR}#TdXr8-K~Sj@dI?CC8fs{Ph)R2wFGTZ}i*vP|e%Zbp5TUr0WcuXceE(&w z#zs6Q{@b=A2SKDnwz&9b%;{3Vt5S4lAzUJ7!mTu^N4$BSJ?pD!{N zUH^wz#(gIJ;y=Y2t1Wqp@tAbjkoy@@ZQ)iY$F&t8@B550Q`ccecDJ<;b?m+~$#-k}M9=%;*xvJzf_@q|Xb1rH>I=(V3 zx9z9YnBOzJMBlU2Twe(G#mS}+uCGE^_qW2*T(0Ei%yA8TEtMBx80`OPrcu{z@==}J zNBG!F5ER3D2-m?y&9Rik&|!bLq5H>uPmT@OEAsrb*!;R6xTTnT8nPL+W-bl-O|G51I!_g%|&dig@{FuY6VGZB0`koQLWb?WlYKb;%!V9<0o$YPT(y^vff3K>g7RlHz{0(R^n77k;H?Q> za${(*5maZ~Vdux_H>BKg?=E)E%w8T@y+z>jE(re3T=Ri$?-rB8;VrSW-!WwMnGj)lDymV6mn7FZpP?fyzGR<#-As}joYs*38#s}Y`m@QR zHf$dU)*S%^_rLBa`8=5uwBz6;YgDrX*v^#6s2^N`e^Ib<{NgWOMp|R&OhuW{d3cVtmHHFcw||VqV@KQ6Qzp-W z{Gj1BIUVH03t{E~=wl6?(YIv+F*bW?xqfjw^<5S^L`5 zIylE=UB0@E42(*1f!7Uh0~7It*v3;0$l9j}Oz>;e2zI~$@wEZGAO$}@b6s9GL`8flva3le_l3^` z05heZ>9iDqXHpZXEH%EM_Zcq2Rxc_NQ)&3TKvBLYq-&?I+R24AGPF6l5Wkv1B=gJqD2jy&pTh^ST#&KOmr|>6I}7w;FrdN);lI$69evVWEcTA0PSB3WWE2 zB6QQP9(sH$OG=!Ez1WGfe-K;$6Dk|9>30~hQ(LqnPZ;6c^oVh*EaCtfD$Jh}U_7P$ zKlSV%X=Cc21AiN9eX8-RhNH`3a3{m_tI1%H0Z?d)PaC%bJ2ec|#C|v%>h-JCgWHdn zQ!@Or0Nl?f-ZKEE!QA9)Bj#Bph0%tvJ%MZkmzc~zGBI{rVAEX~f&OMmKpk(yu#XzO zZQe|T?zC9wIPnR|(IC#~g){OzODS7yiLk8Pyz06JYuUSV4X}Ghan>)*T=5t{GdI;m z0Li}`DB+zrY&|7ykvYCp9f`!|kHc`WimTmN60_Q2V^6G)L)){R*9DQ_AaoEX^vIna z&4ep%Ib#zdq|59^!j|%>?2p$_1-91|I!oSN%%E?$l83GQ2XxvtpKm>nf&l_q($icr z-z=KOD*lveX<6P;lE{CzINpLc2Am!X50AjA!lsalE<|<`~uQQp9yPciTep;zh`2ZrvXkHlyYBs?un6(Mki-kN5zCq!XSKpE@hpBw$S zEYOgfzL!ONM?uR8!yR-?N+fNy1cs$$Z3M2apQK{F*DTOav!ki6qJ!rUDeWR@{J4~whm2s0duR1Qa8g^Z z%0Q~-r=H=36^W?1L4EJ|;4;7Ud3}!zGy@;L*J%BheJhUsrQ@JGDoV??CNEa7D}sO4@0FO z8CGxd(&v1dLgWGtqGtlec|KlKK(&6@{HNe8zKTrZH92fj8hv}~H%CU$j(yZW{r1MS z5xFs+HNfG~189F&{}p}-F8>?qD`K~(V|Ux(R2fYo?Kw0x@k}n?Dyo2w@34D8ysQo+ z?th;3RLlpxhOS;kEFX4p@!-ub^h|#luSe3-r@P5;;A5jiAIo$X^%HOe#N@B|cehY! zmaK2=*5Fs6=rJZd{;=Hb4EjUYdqh&xe=G%E7WD&0yjoO?>z&X?&8@rW>`lG}l_I6? z)54JW?~x{MG{MmgNBQ;ivVt7guTmGUGi`6B4l&$dinbRYGMq*A+@w0=es%v@7;t#7 zN6C<%2l2e|WPcL4vQ#cSS1Ku<5SI}JJeVV%+?MeuNR}J3(ZIH67m9_&mp{>f$mRCb z&*FYaQEJhC*W}f@g@^Qh?svFem3d03#y*xCipD_1= zM{Zw04X6KzpTI=Qdq0d79j*-fT+Uh+fX$}r{ zdAIPkJ)d_)+Dd=<=hW(sE2&wF1Hmn?E!$*Qo~~K9i;8}9v3k3Axj1?Ad(2`q=%6PP z?&)R{=H~$Bz6M>q+Ma*w3D`&Y_wQHjYGGn|e_NT)j<$lWvFgGVXJ?A`E)WrhN333> zBchY0+8Qeb2aO;drzIUUtcD82vxv)~s;`=GDxIMx5!(HC z#3V8%@*ev5-*z(Hz;fLY;0awF3g6`Z|qvy1FDkqqnIrQ}+XDt>ub2_+; zN61BJrkBRrc{fHVD6|QLkH0(zp%rb^gQQ%poU+;AIeplY;-GJ0kQWp^4Y z?#%zYUK|RrfLbzqf8ad}Z zWuS2bH2z9dK{Aw#>_en~G#2ayRl!q^Y|!7IF|a3V`hSRDA35k#|FLu>y_ZyJgceHC z*3qHOiGN)UI7=2#zhw22s|Ohy7}{O(vYyyyQ)=`y<@c9N>YU3oIKxuQy@IN!YQw>4 zFt;^GtivxvCD$2!)dKoqM28BgQf{f0Mig`aHwp7ImvXCQdX{!8<;^~|F_Bemig>Tx z(n=yWt2o<8lm!1BV;EKT=G84$QHCRx_UoI)$k((yf_yrUz4}IO!FktoFFfwghHlQu zNgoa2^o*>1z3SpgstS|&i+q`qCcS*piOFg~AVE)Xb7X6bI=e7pX^}?Ka%4j<+xiM( zQ2M9$dwF8JxYsdiX)Y;(y&G(wC5xyrbrhm8NalJJ@f!1j_$lev2MwM8M;2U6E`FgR zL(m2NTTM~p6NhR2;DNcteSU5&bK_zq=LW>*CgAznUn zez{w%!BlYLKLG1om}4vKl=eJ|ybja&O-8<=(He`2%}zi-mH!x3A{zAWb|Al!4~ zE;X|}3V+n_c;d=u&J9mnnzi?jkO=pG>s9}yKfj$xO6LQK>PtExCnQ0 zH&^f?hu=I~Bon2Ac3Tv`phwhG6maH3y!2tpr`~?(H)hhA^arSo)Uh!jZp7bkt!}Q$ z**}n(wNNsVT{g4G!onikWf_i5%{}#&uJpsaI0wPn2>^cnt?5|6NuK@wsnH|p_}&D{ zWv?yQy_zo{*(6K4W(<21wVRdP9WLkYI~i3wb7%J_cNeecl*q>_6AzaYf26d#N$-w` zX9x&~rFXt#H@=rqmcGp=%=s!Q&vs_K@5MKpjxQN(`8=(LdhE+1SCA>#~k@eHG z8vDL!9`tn8|C-p9Ia~TY?U3JR-642w|GO|O+S@p2>N8~}+Y#TkuB=~(?}jc$!jMwU zdvpTSrLQK%pJ@Vl8{lNod15KqhET^Jr5#l_o|%+{KHJ)13z-DO%#NVM70*P8v6(s5 z#ay|wPu}d`=<`ly<=n{e5Q*t?<043!s9>F|;W87df0&0#kZ|CLyUp56^65< zhjd+_C3_Uc(rpOyC;lWosxNt4GQ1&j!gBcvrDV4|8UBjjAz}lHDQy{$A}?|sCzFo= z*NUFwi%tt=OEY*ZS9ATgvuKPGWH|Dgpzn;Nx>`5HbAL^FFwTKdQUbY7qr zKh37Ud*IJB(=?}5DS97{g6$w`t%IddnMJ#OOq4k|!oB zx$Bmz=GTB_%ejqbXe~JGB>BEeP{v!IyUj~?unWD7hiJ|L=EoIca+Bf~e{3VW0XHCL zPD9VWtI^EG47_!fo>0?W1+S0Y6woF&_5o}=&~9I)e68`43tkg$o3t#It3p+oSN5l% z=_aTWh^2&owt*o|FVqpD#;YZW z;K5a8cK%*qrT5m@)<#z09n4l30&$2U>{ynFvINfHs=gHO4Fzb^ct#&eHrY4V1SnJ$ zgA_UX9y=b7QkVjNeyQeiX)!5l_Ll%_i;Oo0)SY9^-0k|gKe9*dT)h7sS)#X;I1QZz zfd{?j1!BrA!er{@eEi$M?%VCAQ;a&W!p}c}64BBMK&(q`@w=gFO6bXz_C5g^z*6PQ zqj)!(nr4ILK!Y;G>s(osCrRQS9u(WM_hWT|Jez!`v&&_KN~u@VgW;oRT5%<%r8zZC z@u7zx0)C|Zx_4C-t+p%+=FOM7?DzF2lFp8kE6=Z0IZiHoNNSq{`6#!_PlW*_l0Jq1 z<^1{8?UDVl0q&~4HYFc9O-+udSiG+3cx(Fz-Wn*ltgJC*W;9ZreTydNcaQ*3Qa0`O z8^;~J7lHPs=}48tDf{sSe8qI`8HQ}tt*>TetVOd(#|}P#!9ZR zUJdU+UJmL2Y0&Q%o-T=3e49vCL{>`CVhE+CVd8WXaxv|SwC-4|lQsZZYu@$!z3^`d zz)!|`B7;HFrW9x{q(eAtW;+0GHe7-l$s)dpne&d{ZK3D9tC~M;3R` zUK5wq?=9)$sS3QYS%%*!U1!m7zL3oR-_+)Iozu8USUG3!goyX7b>%A8qM0&tDS-I* zMWl3~`Kf%%7E8>YDb^0-X~pIuj%6081Bwv-l2>akEQpV(TwoQ*NbX2`@InGI6|V98wU*;u#MF;)>xOGqX&C?;y(#At+<@g3^AM~OfCCV( zQO&IT$@7D{cR&6hN)w!ZQ`te2!=4`d{kO!xCl}dKrefLHPr;jq`AfytYb;pK&PB$Kr3b0b&C9AiD6?<+i061;M*WUD z_7)?grRk$(wDXX-m=Qp3_J2*t1@p^M7Olncw;VHselR<)Or#6{aGG~bFhn8OjlT*k0IMT$a(wDeZ#Ggs}u+G4XY=8akP zC*S$JnLc@p2F>xUTf3j&87LxH%>1{zpC4qG&ac43V1GLdJcXiXl@iDggI-Mvm^3H- zs-?Xp07CuPb|W~-3M)vJ8Yw|H<;O~9l)}k)fRuptYN|!^zNS8O;khL^@aeJt*e!~~2bheX$$KSV-2r+CXI}ZWS*3hB9N@R;B~5XFYF|NgqguJZ z;w6x2Kf$8~BAv1B1saZ3)t}ywCj$AG^-8O3r|PH98b_Mv0PqugLtLd&k-`uC>6-C| z7^lIp1GjwJsphJ{0=i1xih|{-(Gst9I)8$Pi>b>zCa{31(#vACtk8Q@-UT6)JJmv* z^>yJW-8jt~H%xXwLH~{29$+d^*}|*xxal? z*SwZhsI*3phL4+wjK66!yy}6a*ELxfDpbm$ej0tNs0tNVwNXQrW)H*cDD+BTEKBPA zqXpW`uA7RQ!Aq`^K)yZE~SRJ63p=ITOEpj>}^8$ z2o6^hbRGPC-ooj3;p2|x1X;(MRExryqeKYWgQF+iz~9g9|PkbP=@{z0vzjoQPvm>-^`Rm89g zpT)^^DXt$(;!wZac|7S!EDta^Ptvw`DI=1S4tCVI0!PG;=lZCk8xz2brCd!67GNs> z_fqkfH}I>?5u(-{_vn(>SveL4*#e}!NCH``k>OYOmv-5-aVI73^{S?g>mR<4`B5Ri zH{zKgo%mjR+d1JWyZqiPZ=TD;C996>`ne!p$g%1>ylm)g;oZ*fPe>;ozUb9icDbM{ z)6HxL;^@go&eC!tpp5mM$FRA9)Cu*2V~|ZIMY_r0JUGpT~h!j#o{shXQ6?+fgK#A_fuG(<^vfmKnq*4iQ|UT9q)tpq}~=X z%{4(BI=UhnbKfDSbINx|kKcm023s?=2#9)*!dli=eS*&3I6IhcL0Tx3bywt27F<-^ z%u{Kc4a!;*6_8Wn@%pjmQt|kE@IUEeeNVC9m9flfdG3EZwF=zL5yHWQcWfs%ZSpGO zLB#vu=EEzc*oiJn^{YspOVQ8o%Sc=ju5v*a6j#C(!jZCClRE!QUOtmB0}Ld#9LbQ0 zxE;Lz&;pkfV)8|nBb)G&uKn=P$R<5LEx%fJO6}t0=_dd7gipp<8~;&f|AX(i>n#(_ zh*y!w|NWWQB2$siyPxsMTf7^V&gp!V2Z_7E{5OOx=aKdoFXOU${6DuzM-BNvhX+X^b@Im*h#$L{u5gh8CNDd!ZQsm- zdXt#uLy3q&jGA|wjAwZY_vk%(`pb9aZ5b}_*gwh#XE!uOyz2>_PkWnQBeXhcuU#Ir z6#*gYYxTHmzNBHg=v5n{Yko@S-)TxDIo}I{OG$tdns@7{s~0Z)Tz#F zZs3ifg8kK(tYRCN=;(drj{eBT2V(~0uwER}Zmr_SZ5l`gGlw@Fn0=nd0g|HJ1(C%R zMtC+3mt9vvJ%4GmcR-`vR{RxEzyAYL>2T)w!x5{SQD?p$u1JVW4Bf~5Q(Ifzn&w4n z{(7mZ@hGx1f5+-@+l#RBT${0~n5y00&XO(Vjskx~4%&d!v{MO*j+1v1a$meK!As-7 zLEyP3$&KW^ynBPVcg~X!&WM_j{W_EXAcmd!qw0Wgh)Gw!G6i6muYfAvr2iM*dRU~Ab z1X1MgMdy@*%(=$0ZV4q-``HC)s7@W#-`opC-ikFc?j|dL7KWf zbeGEaw14*IFA0-wKMo9gjYz{e^3749;okS^j99jB^nfSVg@|K z^=ss~59WJQ1tYfIwlCtqzH(7a(QiY(7c-%eGW@nBJES~r^@GNz3Ty1;#;*yxHI)@k z)XDFA3R_*egkBGB zN};+D0XcN%(O$KF&Cv{0*j6;{%b1+J$z*`2N@X|Ik7QEEp;_{BdpQsqjU10#D^G|im5@me=QyWqS72(=O|6a8 z_ZiK4TEtp-zY|(CP=(@>Qmeu9L4n}9u>Psmy9jkXFD=5W=_`jK*PB18flUW+asy(g z5?M2ibP|p(~)n(J>MfcW-7h;!z{=T(y@L~0rr}EGu^TuQSb+^`-}VNU3p5g zB7t%P<>>ORJuu*9kgbfGH*?0V`J^Q+PN{L&fUaH&x0M=Se_fMcD5~Uq)r$b9q!Hl0m9Tf zWD?^GOq5#k{vH_%Q0(|_sDHh0T06;=A$`rays))BtuC@|IcF6Ql2!|}7L@S|*eDVF zidtVulKOazw^u|yUrev`I*9YMjWPwB#qj55A0 zckueSlM#V2-y-e`jT1bUtS;BMn0HXB4{l!rH-ubmI20Y7f4-;{t?7p^ykaC`Y0yZ8Qeb^Q~nLAM6pbo&7cQPxsn@|qHqeI~5NQ0nNP@Z50I#^CU7z8)ftjDJpW z7q&K))N8-KRsVGHL*yw+q5C5n*t(YV(7P(PPCoVLsZZ&J$k9Lvid}7#5XJFyKJx9| zPkahB0cb-)0&D_>B4HEfBr?GTZZK>J63bG6P;6as!7)vSiC?gs$o{+hiuscz@72e ztk$heD&bf!NW->)#>sWOqnOAqW_<8b0a`^vPar4%(ceFBTn@itZTof8_=I|)u;#6n zHWW&`=rAde$`}R?7X|`_@bt`*$&r^UOw=xiYj&uu+E-%bf}Lk_?zQHvHbnxvuH-p5 zcep+d`0QWHt}#j4H5?Z(GN&P&y;}|kHj(n&z|fy|72d9QXUfFhlzXT^BEF{TOKiGwV<{*p^`Y0rdr~$;&rQ6oWNA;k zWPWyWR?JF>)9!6Hq*{`C<{Y!IH(dzjm}+}W6XwR3G2jpibu$b*&!!E@u!ovl8}#=+&VwQ2{luwSV8f~7N4bp8NE zi5hUqNUv9Gl*AP3)cBt3beHC)ss0^MRk&X>as`bRvAee1DQB=(!39H*0QVNp;P$D7 zch=@=lH-rs-AGTZF6~9G7C51{srB)X`JvyRLkYTx1d9Ucifo4RiI+PZAC$lz*hk!8j#L zFIh!VG)6{B4vC6hM1gxUvKqF(@us8*O%Yn>h(JBj=zI; zkz7M|bV!SS?I_yem@n0udgFX4wK|HN^$v83r&w&oGW0Rvgmb@#?fDDcHI_tGx6=!b zC*CTm&)jj<-i^BzWb}c!`Am&`#LS2bIDW2Y619%zujI-{Uw=c19|I@d}MPA;-UJRhERs4D6@}XVWMZ!an%|Zj9UV7r?dWhc zp8??G=dpAxCzsQoYQ1(f<^QP*|NkS3E;;sF&%MpVDlw@5M932cu6CNj`}xj0Fb%=O zf+#rhKsfCeSSla~;HTQ65N65cr+gkI_GMFh{fYT0TKE5ckmxNCB`MSt= zlfXiUguYWtb=~YEl=l;gdO4(PN}BT}fd?=WCSu_bdp=2NvGR8>9^Gbf;94u6MUsv? zFE!HnyQVPx(#&sWY4j4%yt*&3W+182T&|VrMX@{<<9%H*7L7Nl+CL%`?PIe2lLoU`C`}>P<>@zaqjx_H*r#m%`yo}E)6V-e?z0#Pt4@iE1vqI zKa1QNxMGh*{_fMFUrOy?bT(q|_{<{QnPZ06o=El3;sR2}bObyMxV-*-G<%!NZDFg_ z+PFw~G9p;TIA@(*Y;RVKf4)hSy$KYSyjlKU>r|?^*883LDr1ViPOQ%Gfu{Agu;j4V z8+3G0bd%-EIpPGs*dc7H(xf~8%#m!u z<4o$!c{o&A(sZ6T;nh<8Q&kLDwD~4YSskm;|EnjLqB41`9JEQ3BTum%VHfq*dDAIj z$^_fNxBQ_6l!s7CPP>zr&hP$MpZSS3fi~^sl`a99&(|WSVb@ YK#l95QZ-6HwZC3G(^4sUYWePe0JRV}_y7O^ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-download-file-reason400.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-download-file-reason400.png new file mode 100644 index 0000000000000000000000000000000000000000..fd74c7c48779e5b48f95d6e19044beb7ed0a721d GIT binary patch literal 18534 zcmeIa1yIyc{4c6B5(}b)z)}J#4HD7~ihvk2ONSCm*Ahx2EeIkdqJTZbS$uR zcP-63-2c3p`=9yWH}}oldH2nm$IJo?8)wh&oNs*Mgul>GA-i?&){PrC$eyYyzPxec zW-Pd+5D|dCta-LUz>k|QFID7k6!bEzf;)KDa_Vw7ZWPCmoSWi<`^1i_dM-C^P_tj( zZa#f^f9J*xm9wXca<4sMn`!t+#^LHpOcmGDu-e-m0SO0l__uWIEzzLRj#KD8Gd?0f20AEQ|mHYY2QwaB?Cr^kwDdcS~HT~jCt*v@W^!6`DYptx* z3$oQytY9uZ!W=;q@~IDT2}p|!8718RZVdf;>b>1)`+nXU& z_!x1mxSgN7^DacMnzv9`7-FX}1N}<#YS8a8;)+yi-+yAF-1bxErPO$xZ;J4{p^j$> z4@`w^N6M_zFOnAfGGwZCz{I#qW1$_ENk&#O$TR5r)E|#7E-|0uqMmf&?hrD1E1_)7 zN`+3-0y6rMvmzb5X8G5@!nSsO=~8uRhsEY?V?Un8Z_G3XcD~>&b(#;E zp^Pf&&r(5yEA`2Miho1IvSsKqWb)H^j)~kjHv9c0^~Q*2TdIMA>SWN- zk9WE3CdZ0Jo+Kxo>@P2_;1}C>erkms1(VQB6q~nyLIhFF&CNwRd><_|?n^Ax-3qyz zbv~9AGlBHl&$C#`=Yt`~E-$g1=jp9Sn-Y1N+c4?L)`5Cs8N}Hp@2|tgKtgnl+xq#X z{PL)AB}C@D;nrPVI})0|*jd4#hm4VKSCUIJc ziQ5^Uc(*`L){Uk7#;TmMq>je2cpnAdqA7`yKJCyhge{&85NjkY^1W!-Tkc-=>NIAq zhnP}I*NVl~^TJVdig3G~*B{Y4rV5*bnlhbQHsG^h(u8iu;^5z!*qW-nNWVdF@%v9< zN$qxZyMDO?BQm}=|4p~Hh`1*axO7CYb_WUXgIokVDPpnDxIroO@Mq>StPmy@v%fQ| zaMXY+Q?8w_KaRp)bYS7=iXN=?HdE|ITsCxSa=C~Rb~0Nk`j3B zy#i^9yocY3rdL;)e){1Q-{zoNZ7mB)H_fweJRbdR)Q(EB>`ol-O_P|KNqY3AE9RGR zy&QjA@P$X+zcW6g)7vz;t|NIcd*OE@s=c(A z&!yuiSeDz4YCtWuf2dOa(MEYY^FT=y=qPh(U@I1VgfXk-qpKW2giQGnJNy0WWsMFQKoD(Sm@6-O` zRUFqx(bmwue)^6yPCJq&0hc9G#QARfIehWa=P5QEMSOv0nr!!!&*Xzv3aaLw)h;F) z_*Nf|pf_e^F2;Wo_Njr{5z(mVeQV+9RCFPLicoV$ElP4!`i zgBh29K_HN3@}5g0YoL1M`*f9C^nfnFpv3bjmmEBwDv{m{@UGCHPW#49FgvTKN^{)Zw((`JtkFfeXg4r5rX69{?#W@*% zT@E!TR$Q-hV~6t%M!j9P9fYi&gN=CHpk1K9+8)=J0>4Z|9SlUkqTdc?k0ZA0=0)r3 zi54t3zY0sc3QHvT{`)33QobJQeOrylN$XRNJ-Q-hl7Uo^U$ND^c(PE;dm*>H7MXT2 z6Y61*ENJ<%Sq`6sy3BpEU`NGCrx0d8{70u!V!Nih5_h)ibL~(R50>lO0eg~en#l$j z)y%rr-qNA(V%KL0N_b{~cCndKAMV_XUoY9~mtR)Gr2c5<*YFtCv_vyWIAE&xHE77A z=izleUQ$fzDZ-^(fnjkvTcymNQS_n};F8r6Hpjji{yi)S8|WZE;bX!h*$%FXpy6|P z6F?ZG^9HFa@P}frO)5#m9zC%;?`hQ?sGC>^!@F@`q?=7sX(ubYTk9WDdK|C(u9>k zN9>5>gTq04HRF=)zB&sC6HjuoUW__lAjr7;3SGFJ@4jhTBV{lRrKziz2gg30)Vyb( z#G;EhnMhXagDK>FynaZ=9?a%ssl-_6X&R5w@I2X!NfesOfF@n_R>+(=v)Y+S8R_0< z0Gs$ym6#~xq$7^4?#GohNLqZWX9F~t#L1+(AMJ6vVQl&u3<^~V{1n!Y&R3HjT&U_& z#JS$*00qM098SP)6sgO7TJBJC#;#otcZGC)O*B(*RH8!YZMAm>uFnPS9z`#lCUb|8 zt!B_pJUhR8{j~T!*_RvM4jvJ1XMEG;MO>r$~cPwyQZ1Yc;uF-ayxzE2BW_R-BhMyO`lGIx&$ zuR_?*YT)Kl)jTjkrV zq)XPNv1=YP^8B*zWY>>Ld{B3Q;ha-PL#Yqm%Um*{Kea2V-8TteRGjF)-O2@~>O4+K zcJdo%)LwF!;=89LDV8jCWnzPsDsQXBm><+Bn!1Q_gtBw?$HrdI4vS8EG^0=kV(Ur0 zTpA-2?AbkwE1A$Rg&%?89q+CD%T$n;6?a=p zn7j{`u8%a4>N_G3m4n3S|D#BZyG^mBd0mJdZHzM}N?pFhbWk?i?|u&!acLtpsC8Et zwCDw)v6bLpJH=1}n`cnjoBcdF)v%kci{EQcaeZ%u{*vHqylJ;Nl&qYLUgUnIk3hC& ziq*P8-8{d;1}(bI*T7jFqyfp7IL8pmj_6j-gUrV@;2^64}@hBh*notixUm*<`N*6kpF`uQ^b|O26W-kXT9m;3rimhez0vykdHuw4ao%WY|4tKaC z0tj0w@(n6ZPd_z(GZKCbbBl(vpqC?A|Hb@b*zt!Hizp8H4_jS?BsLm%jRE|M4 z&~-3MXu7KTg3BL<7&e#Co|hD2^X zyY3_&7hDnZQ&)6}rHeD1KcJDnq~2?vTEuJMzCopfy|ZSM7${)TSJ6=6uCF4tR-psl zd$c{oRBhv3pSkk1Hz!0~S1A6xs0$eWV~nZs9U2~#_E{+^w;O)+qj)GvK)%#__z|Y! z-S92Z)Af;pVx$n3t}tDzqxnZS^ZRg~9v6G0n*6=^KmqtPvU(G;d$2t^svY7>FY0iB zbi3HWrHRpNG(a=pS-hn9HePD2m(>IUDsyHP@r#NL9v6C*&v(h@97eY25>=F#i1Thxy{2Ws!oZs?U- z)#M`kPlRa#P;`iRgyxGXM^mPnWEy0c_;^U!-crwUfSloApw?#ph56Y|AojdYt%W|# zxH4HNyILmz+yDEGZA__KN`*A{aQ5aRuOlMx!_uFi#XusZ1yCFZf3O5aznr9guzAGT zXB}gEwItqML1Bl$RBjt9^feI4GBm^ZWt{I@35CVlUT5At&3K3VmOpejh0aU&ZZcBYyrnyF652 zl;Wj!5MdLqzwA+Pzc>^<{Xz>ROeda6qtNO9uH>snPb!MjNWVWWN3>ceG=z7C-Ncr# z-20J1Zbt1zaz35GpuuLBATl^9Wb4@a@opeZMU&Jg?MAMzLe>>`A!b_KVb58&xQAD( zUf^r8ek6$rw{H$1cboOfork09s7}UGe)B>2Ac{mzH(g3vCGe}8WJr%zK%4biS2>zC zuEry-7xZHrrP8P=iX<)_-fCek{9Dvz_k`b#HC$fUALPbKw*)@ez|>>fV(8aH=-3dg zpLHf?v(=x{jXrww=Tu;kD*=1B;b>R7#Iq3(ow9!|mY9>t3m@gJ7Ui0(tUee} z^QE;N>Y%LfYxc%W|9C63ex}Fdf7|{=2W~qX^`t>3RZF>I=O^j=+7-{ogH%&-6c@k3 zD=O2aWOk2#RW9-9>x0T|GX9>BcNr+}hP#cWh`PRgz_t6EtHt{oqlsXKguq| zg;lrxMhS$i6OP33K04R%9|-5SYiA2{P%M=}>GWnb_9OLzVw&QtTp7?Oj6JQbsGC8! zF+@U9yGtPl0l_32i3ScmX2{YcmXCb*Mp)AyT)KWoDq2Pk^#00g(G+VclDXCG?pGSK zspZYN7L~HyE=78xrWqf6JXlG|`%x2w@5d#`@aW8EG>`_OZ2H&C&l_jtenb#DBI!?d zk}kOW1t`6mi~B1M99tly{>2*iw8REX>7Cf1o>HW4Mt)wk@sYMif{MFN+=`Z+8VNK_ zIXP*s^rVi&kHqi@ma9({I=Y#56D7XZiq%98MZ45R#~cX^5P3BVzQ5U6TF zngmD&majN8H450rP>4#@)ilC=W2|_Ax>S#4G60{%ZZKQ@XsdR6VyP!3-@o3k6J<;e za$X6qQO($Fb7;K5oXh#K)7kO7Lxsoo^g?1OC=;Q2Yiwy?vFK$;qb?Yf>@amx(<_rF z3GEFa^5(fLkD>}NzF0=%tBumW^RdBVn|{_5F(!h>8 zSbUr*NS@CM*qNga*GD-=Z*Pp3wnxEdn}Rn>x_L|48gt>}HNw@{{bV8Q-sO938zu*% z`9|yh^$%#Vp!iQ8`IZr_K0D_6p@Zm9#Cbs#6EdsvV(_7E(Kit0#+*TaG3hKwBnLM5 z<`!a$*lpsU^K!4ffxKjkhqxGIyf2wT-eNgHL6>&eYk$dmJJs^^;H?7#c4K_Ajfw5C z_rZg8OnpY7`3gXqtO&{PBfo%vUrYJi8oVIX&xzkI2Zv4PyCN}3qChqKY^&WgvXcz` zk43?5C^t?o$YHrRZ6wD7j@7NO8=pI25V9&GqvdZH$u~$Mb;I#Kz&*uQt`27Zj1;lF z?-1QcV&*$NSzX6u{!t)A_>WHQ7>{AqKdZiUOI$+ogU5rJTWv8+8Ncb7w}aTDF3zxL zB6|W4>{6)r;ut00Ysy@-faY&)*DF~$red}^1YdL4A^_9Ci{V#Gpi0Rs&U^(3a0K#y9QD=-7q1&(VR4G+r~`F zC_Z%E#G~m*1qpaLcUYApX=mFwg=o{CHpXfsi?`mQd1MFoSTzH?u>=fa{A{~EL-2WP z1Wl!WxvfFzQV-~cUmnd8GI>H!>M0^e6MqUlFWD%nuHh&BP~RYyn3nxE`m}ucmHbLj zJk=l%6C()B0*F`>jHbN@$vm*oDWe-O;%WVYokAGOdjxgX{tIbxqm%OlKA4@4!fw@8 zI4?dcWSZmk?PMP*wbrCbsFWA)F(@nYIoX?-YmK-#4g;W<{?Ct}1D5|a^tDE=4(9s> zwro?fg&-~oAomv9+=n`}+=t)j5Q;uvfyMF}OaIZSuN#J_fjDeb#hTTJiOY=s6+z9T zA0qBOtRxm7$b8FFjHQT#ZW;f>k`JFz%@8PlZ;Rg@v~M~luImYA3Hqgtsu6xW(6avi z^q#a&6$!=LPw=h_WgCeog)c9Es-2zIZX?aXY?KG!-_osgV5;U+Nh4P^FJY-Xe(FN^% z;4HT}=IjzuLTfGg3BZ~9<0Y0xkzGlA+pKai>6xW!0UzL_1!>p{+u?#m1+`EJV}*7; z+LNxE!2EggpV8bc0@TZ&&(dQ$*u-5|zAcgk$fm`%@l;N~vmGrsG>7?L2qT1u?&2WD zJq7a(DofP(P>*T*taueyU!bM=V ziNa2ol4VZQi`dzW8oH?OffN$l^$;KL-B9kV)F1$U4Z0Ka?S{MFG}11*D5!4>3(g#L z>@W4qqnqM$`m#D4Q?}DJhWLBPwn$$c^+|90c zV?1*?wQ4)oSL{K6ua;qv2V8l~iWe$#HXe9XslwzE*zLC`=e-a(eY)DPvxK)ix66#9 z)P$ii_7PCYN@Lvfd`r>GnSNaB<~@tQzIP;{UH)!(VH!`%J5{tRhGGhvb(a4shh}4V z6jo^fujSd0a;nQ*&dJbEt8v@N=#w-D58ty-jmYIC-;kMEUZ%M^$?)UN@ZYK~x+_T-%s24IWv4Q8w1HGaR{cMq0YHWLCV)A?SF|gEyN_{?Ygo{y_aqkXktj`y)yhK z3HyG1=$EbiL|FyEeGTgCeC-T8%EJq zWjhK%Va0_E&L_E{Pn?77(KW;S0gW6yTN(TbcRyf@ZATqM-2(|Bdr*GmDy#gjmj^VO z5}UWaH&fhJE{9|K3{`g@)Bfht*&48T{zTzoh_r40vkr{hZE(=4_X}OuG^^*mMFogo zDnx>X0br;{2xU@;z~eI0<`4@~;@tU*v!jz(Q;YX50cXNfHEty7v)X@N{`?rxy!?R@ zKK%PL>To0lmgL)f@{9&LKri4^b+|S@IPJA;U%U4Ek5Aa!iLzfKwH|zhR0EbPA2}Nz zaPB6MOy6lv50s}Hk0F}1i5etshZZ-I3^jOQ|K3A(tm9azofGe2 zeW>LzI}Wb0IJb(zSFh$>J2vk2;RKsD^@ z+j5}&_^$SSOQYj}Mjn_5#;5HE`~M+Ozz3YC+P4k0#f zFKe-=^I{FjRdfg22{ZYe(t&g6MN6N^o*JX`^K{8-1;70>Z||CO4Vgj)g*ul#ez3L( z7{y)1Sgx6@mgIoWUHp)J#p)A@DI-nNi|DFc>PxTuw(al-guqVDlD?W|q8sjpO ztrqX4MMsow?85|5NPzv3S+g_$ZR@uCvwSZSyI_Y=Z}${>iaB}zaQ%c8c8cKlaf^Z2 z2z+41Nn*_YV?9vsPxz%HHs%AUXU842aRRh*D$~i8li0t?2?rdy;-7efB0mu zMP)YYcpxUG1L~o%K3*xOfo63;?kZ>Wru7w>8J03($E`CgPnL*xixw2U#aHXId?{D! zXP-Cii6X>I(%4yV(eO~7TZx|`wo#(x=~6v|t?WTno}Ggg_GlG{x)ZCb=MOOrVvIiZ z0S}u`jtER%PkYXjU7bIG;!QuzQjR)58}sQ(=t~!TBWgU=JhPWk6+XNCo;_K zU!aTkpNiQI?MoJF-|xjLe1AJkeAYK*>Uf0UaF-*)+kSE^ zM=598`(S0(D@XcQ3Me)HVdHhAL%S<-(!IN+*yry1)-AOs;heM)!tP+`SYrBQu8=uB z#Xd4Yg?uli_d?$DQ{BWon@xF;suHr3TPy8*>N&~nV-vwACVg=*c-gAFRwN&M3kG&% zJg^)iwTrBhcE`k`%Qr(Ck4+-`he3%Rc$itKmF2}~Cw zAZaG>$w_&l&q_hRWP3f{DK6Pu)lmHT?#h}EeCIdQZ=xLc!gnvfzYv+r-e@r@v3QC} z)VMF1z$T^MH1Es*S|ujECj6U2u0%+mxX0FpS9D0+fIk&4NEiOUbfkxZUa-~4oOEjD zDTd$Hlg$1i7ljPBQ3tc!*zz6=_D36fV2VAin3LbVjlSIP1{CL4%c1026Vk)vV{f_rzJwhJr zCaR`XUDx0+=q|scN;MnkKl}#5NT^%ZQY~KYUU>n@dL=q zRJnf1t9!LlJ#mWMV@{@C>7QS(OoZgWr&P z@n&EKFJ4Qt_+cA7+B^+2M56G5v|k{v#TyTRk4$Ebj>ai zz4NS{A&RBDeyuZ>PC^-H467J+87lr6$(Ef6<8xNGZ6JE+#dqZprr*XVRZx&TbZsUR zO)dAlk$xAdvT*krC{@JSyW12yQRsL0XRszb2e)uO9kJEvYo-fBq>E|EESJ{&1zgxhvse{3Q2(%fx_lb?=kH-XGP-25d0rwOS=e>=gwC znJMxAPQLFy%{?nSb0~zV0yJDd6G7`gcCGzbiDl`eux@LMqTieiy|MwoP3bhsdpunV zk%z!;xdWQeBCOOL{CVWC83LppJt8*$n6E_)zNf34dUFPKKGo{9GSb!V?i8AZv3&qO z;H+#375BNiz?!uW1B?P)>j8J>;kwr2Kr^92LPGHdy*#B>y=AMjscDc0xXaFmYr~y9 zG~|JVp+5QgpAFCE7=R4uI`P@hNASNL_(4)q$Lf8!@fILR&kBq@Ei5cRyE$cs&g8?{ z^c^e86hVySEhP4Zn%hL6E8&_BPlS}C8B8^$PJWOvh+X3x_Mq=A0XWZnY&zm4j-bbu zq3DbHtBdVC(BX+Vw-6P&l46saI#=oL4P;y%SpPAqt$35K-9vT>lsD$|bs$UX_2>(u zoE*r_yDM3YnxJJa&SBXK=^Ph6izN`=JH@EeX z)`Ipv^U(sM3YX>Hg^45xV<4Cz_EBC2fKb~3!d<<<*GbHHeI);)Da2OA2IIQH`?`vw zFW4!2um+G*3lpoE4xG=w%($=ZtBz#~KY_`VwSvx?9gs+X*((8J8~xRRpYaA7J-`2X zWs;i=X7^aLce#$_Xr#TXziMX6Q;xcq4pVMRcQo3579xgSc#E#sWD~{sl+qNvEw!4a z04SY``?zINwOpobZJ?7LmEwEAel0jDh=A7Lkoz z_n`RPCV zquwv~P^Tbund*UB`0ZAyE5wn7r^K93e+4y<;mZ0sM}~yQRuOo6L`_-TisxGFd923( zBS88p@q67~kFI~(q{c0IR2Ida`8Od@oC6cjsktY~ZJf@p-=gX30<(FwF)udvP1+{D zOlacqERiOfR>D29(x^#GIhv6PX%<8m_^-yz7H%vHv*Ao_2f&>dLuwAAL`Chg2Aaj8 zOA)ak>EzHARH1SfG55`Wi_}f|Y+gL`qCbS=IW5xw=3cL<5=4#R$D2o~LS6h;2Q~(b zdy4l`MB%sWzb9nWPStuK{8sQNM-yKpwUk?SFTE&u_UlMlWqD^d$TSP(R4^LqGW=aB zV(8>&v%+>#QK@y`-jQ5&RfUMd*vcYH)b2dhDDLWjGUDj`v7wO5`S~lpv4~bR>YTOD z^JB^eV$i+)X~eeog-(HC>w3_Bkw`++&e(f^hlIFDwyNL*DVOEugi%}xy)0)w=$w(! zHs(W=_MhE*q}L>B$Zh!4lANX3*Wz5-4i#ZyeXp{gA33H*{CbrgRP%LtbInsM=2{ds zmsv*~I@9w-U`oW4kV{9SRnwcv_aLs_puliE79$KDoqWLrSSm6%-M0PrMl+Ikc=TJ) zg7+u(EK(RYoPRnNh!uF|zAAXwiyzRW+5>crlH8;41P8+!!q9m|^>iHGqV9Vlq-1sx zq7JgxC^`p4uOt*Cr046hungAZ^Q1V|cY-OmEe&;>&r&^EgV(hf< z=txjR{?qvEBdwi@fzXGJGNKNXCOigZWsQLZp%Fec#x@|(5ufDQ!s~WJlFrI?jDgbW z&nbReaH2-}Ok@9h`ry+AGZX*MkKW|THsVN62FG0sEhmdiQej?;mW7CW?Dd^}-{f$O zbWL_<8r>f}9?xrg4JD#Qa>zA^748psTRh$X2=oa&@;(hduOI>7VzvGH z&01IkZw6(em`mVw{o~hd+-+qszw<8{I?)+aE$>O9t7-uryBrZwVq8^ZQ2uW5P}wUy z9_b{V?!RRW!y2m6egpB4&DHzfX|RGH=GN{|p5EZc;6p6NAA@e*?~`F7RsT7pq$08K zg(K?Wz9CIrI2EV2cUYTw%w^BIgh%cfM4n-2x&HFdE*Fc^E_5)0LjZ^YefuU~zo*94 zt2?S?y|8{Mt>|A7l6#fHAEY~EDruiHFYT#ewex3TGW&4K8h>f#&z zr@uJu)%efLVsx6l7QV_6+0@%Apv=SQ0uH%Ou1-?l!x51KGhk%REiOQ;mMB$ZS zFqKKh-u?T#R#kP7p#8w&t@G1$ZE@Op>c&J9`l_RMBYD?)yj}9=+ta8#=iI9rmhHm& zqjz%*(%95Dg<4a6B%9%m00ut9FnO#~Pw3&&+$>NRFS|HBaxpbOV9m+2RLs}TpP2P| zjV)6qbTYb)7a_jz^`{C`qt`t#et}4k_sRB7*9LPcJ+!}y+ByKJ&4a$5ITc~I@TpZz z5(YVwbryzh&iWj#4z|zZ?7hs<*nDApD1Y&qX!H1e50RJ6P?eSqrxEH^ zQ#mzvy)a4IMNExf!XqmCWD(D|xuajp-;FOgO65PJ-}~{ZfkJqZwJ;Uq(ztv}wYD4W z)mN<5tjr6o@;0>4l-#YtTCD6UI^Lwd^;xNp!(%INtxZXD@nSzi6CKLrW5T7A=gN*Z zhbgiAW2|ehu>qp)?S$8RTE$Y^Mm$wa5WaKp26-elX+ z+0v0RM18@~77&rH9*$yW+AbtK{5WYxgJFEWr#@C`>HfS2UqvTIUT~83#S!w}?n=>^ z{il$nQLUT#wCYQ>BSoG~NA&#LbI*@D#=hmt!33&w4_>)fd5VU*{^D$cc}yL4N?Bpf zmqeSZtA?ToUC}~a<|ugRz0bU&~_t6@gQ?;c4UR)Q8Ue4O_wP8)8$+9aXVhm{UXwS`$8jxe8&poNp{sO9gZG^Ls&@ob zX;Xd=|0dYgw^In#-;oW%@;*^ZnJFeE%yyK<(RHF_Y7B?!9_Q zWYedK@D@+C{U)stj>>n6Vk@Gp-S)#G99E{#5M>hca24H*v2y%KS8G{ocigiXG7>w zWYc#FJj9=7jC!$8!+qxIr$1!p5fN?PGSK_u&I9M71gu!GM4gLu6|@UskaM9JkkFwf zfNkp_S>8CMcW@N=MJ>)y779e(HDZ@iW0)tILQ49ST6D)LQcQ=|wA{1=M~vj{ zW;QdjFOGap#Pe%gc21PiK4OQKr`49*dC0Vq<07U+!SC%Ma+=ZbEg{ZQ3 zTO{3dM9WzJ%2V8xCuZ-NYYL0u+u^&XHo9zF)#qk7-dc~n!}b~kw0vW!EnB|4BIs>g z%rtM_A+uzW0bw2PuXtq(4m22HO{*V$sm`20`)EO^=4#hhc+pSwRQ|?o;tx-_L@7}d&*_Ezmh4-!iiE|gB1_ZP)u zD!kC7XfbM4t`foqzXFtXy6;G#>Dq6T4*}CpI*6m~nZ#xLLR>DJBKRh*F6--0y&}9< z%7zssq=eH84XaDbY(q*08@ZVKw9;f>r@K;&DakPud1*1q7Et&P6?{L6uajYvtl!wx zE_gYfetbrCVS*4YQ-sSj}v`?s1R*epRin%-P@2U`Mh( zJepw3?(?Ta(d|S(0v-Rw?%rDY>9}9zS+eZQ5lJikcYpuXw(x|XRCK3W2SBqK$L?EH ziZ50lNGU*a1rGwB>qY9=1( zJJz0I*R26N?g9T{wt^DCQ#haW$h2-$I^J!c@}ZaiOb($i!BdX8_gV0MP5^9bPAS4S zmou(?59Uv_&)JB}28q0BPPDozXdxdHm6;{<0in1M2;+1+WSTYeJsj3KHzbF+X$H1L zoN||ubV-^mge}B9X{Mlt7&=OlZ295Q43&=>S)&k#q*AMw(B(HeMw@P0;;E1=nSKSs z64$3;oc%XvV3bg{%}}T`!7sE5)5$KW(gI$)6cbXe?c-a*Nw$v-sxNq>+s(5pRbygd zJk8{!jjZ0Z2Hx>uIBtK77!?xYIW%ucU1*{1+c^EW5lVf6z_w_mDfi;{4I$ z^_|B$bkEu0txSpt+<7~p*u5Z2Yu3<|=t&|%!IOhlFNCj}FLbm?97pKwoFdkws;^%v zArLA(&A%DO!W%N6j}Q5%z)+R_pbZ#euXnu;4@ z7(>`^9<~iG@$Z})?&Y@5@3PTumHN3i98@9dQ#c-seP(PkY zb=bk?PqxUj(fnbxA{s%r5boX@%fi^@I@^Ly6*E15+MG^FwkGNb2@?DygLnRX#%FJV zt=%c(^tHTC#ljlkWjT1w@M!Kz;XfkFQc^1Ig;PI@-|og@pN)|3hb-{Q<%#9F9w^L8%p7(o!5KLgX}q>>le57eV?R!~CZ)!|=EA2Ty} zeV@+S!(ER&xmp{o*Rbcr{CIk*g|wSL&Lz*y$({P4a7nfJZTglc!}#D&J1vxQGvo*1 zf{-{SwRr`p-tTXkjBRB8`?EmX zD|)6HUltzk)}?y3sJqt&KYFF2RcmVSnvX%#h;z^Bfg88w&%b#t3};zKiPII|1qB&; zq@s;4_mU2XkV4JUz1FX3!cQ^l{^1#}s)6<`Pp6cYLy;=>@gmCJ3<^di(8U-GMOuoY zSGD%7Q@=f0BNfViryqTOU5eu!*01>}wN6(pIi&Zx#Ot&6WviJV@j0_A(3U%VYE8*#On8o@7S>%Mhre)r#fWE)6c|XL~n5o94_TS0yH7?3ww> zieJBz$C$CvrN`$0?%z#Hz*4=~WCkKv^40MfMkugR-GP!HINtuwFtU%vaef?e(?LwgFo|4B)*;%M$W69y ze+ll}z3<8*4@nBu_zo*leP5YzS=2U~79Uas^kiXufh^o^5b#^eoEl~9-@h$U{Fmtu zgBGK(D;&D+-&0;r;>{8Ck2jIscX;nRHM<0LV+QgxVdIbQO*XtF_v}a+`Lf-%`%Y$~UZDXdATICu@K_^Xc&gDWH2BkAG|spP{7qg^;-Xu~ zFIe}aN}p*~7%U=vd>Q{YMA{RR^VQ_?7wE*iXeC2&@Ne_Y@Gnzt-zL?p|1Hhu%<>$W)zEG79MM4HDe2V|;k>ZB$qPS2mm*t4%#I!Xtum~8 znfy1jGMsVYVKn_6B$^>FM3%VjN!om?r)YakCHb)F@f~CWXdoYDAfsqF*gT2DSLbSh zpjepzl56?^8<(ZxtDo3nC{lf%?*;p0u@>p&vaA=8$a7(D4D+5q*;Z<@H*|k`KDyIH zl6Kx&1q_78R2rmcflUHF+D#e9hVE`x0c5NS_WGtByNHx2sm|01$ zE-?PPZ*Kr*b0g;UUZP{od;U@NUygqRWv;48sNrsc%eUc2f)@=5zg|gQ1#xMY8ae>dYG+~M(JN

_(UpFv|Hp zibmI6*k_DU%FWqp4_uD-K@Z+OaHw9?KD)%$Z!Z!__)LVa$(0QlhusEF6?`1$2^Q|` zt%etZ^IWfBCc2f|V_WGs>4ei=zho6X>zQ{sEa#$LOi!ju*;eovS4HWr*9XnpQl&n zAK-U*^8*i0&LsOy`fD?dY=Gw1nEo8SdeI&&odyKZ|0wWaCT2&S8wA{f9ZwpO{Li&L zuVujMjq{DnO9!7QLlWS3W+->dhEuCure>@|t9@yg8XE*TDdNAGPA0#O`}K46Pzc{Q zof-Bw03rUx?EUQhxu*H=ljC}2j&a+|5;uu(VI+NWLc~mq%!QtMS6Gkw{qtCVtK^GK z_*M6Qpy*@&X`c+|0I#1ErdDq)yYQ_NEU9(Y{N`GS^*B`793(00h-X#_<$grd-D*aF zOI7%Bh=N*5KU>RMu<6!aE>F#*&dYS)r3{B$|I2;j;}#!M%3WW=^hC3lbsZ56|7P8G zP&c-iEG#w-P5CN>+@4_B_`j!#OTpPxNGnI|C#rN6f#4IZ6f!L~`(^EGPSmxv7C7pl zWKcrv<6|=hGcNur6*epSdbnmsN^uo>w zQ@d#`^k^SYVVC{7=7qd{p`__*KuLJ68#3~R_%7uVZ17JZaxT4l(_?b>F!IJ-pd(uk zoPAUm)gTp@n6Do?uSV};Cy;EgKzGgZ1+j3W!l5&DMDk%(j@uz`Cr?BO{+%sD$p`&+ zcG-Y_*qcfUKm9M0-xUIo_m?xfAG3gi@R@p8UOW) zQ^IfKizSEXEf8G*Blz@EJeizPJe4ArO@%zg@|ir?KleM5>SgyvJAv&6JZSE@oUAJ_ zuKZ6Q)9@ebxK)ot)ygUxoc-{;`-vfVne`66`f$I46)g#$V@GH8RFYeF9ym@su?GK= zXB$ab@w`^f1#Nu*-~KO*w5g&upLp(k%hxS#0vh`ze~+z6FO7_qui|dM0b0!i2EE~}-d&dd7WWv4pa*`c#UuJCS)xb|Q;Au6`Mf47 z?9V!SL@}v`7e3KUGF#o_C2)-NwN%Fl9G;<_rA$`4@JY=MNaVGDKD)cUsriM!F=`5w zdjRQ|7x6py9((iy`Qy19TuC4uvadD==!|Wbo0-TZ4=z`b3KD9^16#`-aA?A4> zD5^_Xl|JeM!Hqq*iI@YkWVQ3p&%8zxfQ(#THMhZTW43pJ*Ff}8o@uvq^Y@>EJ;{QWfQBG}sU27cx~lmd z{qe&HwV0uapqM-nA(cUAu{>-tKi@S}4R!S78<*34mdL%Trg0XI+xIb3?2=W(_~-kD zz6{Kf)kcpqA0b5~I9Nju8zXa6^Q|{?b1}&PWY9^r&ao8J!5q!X?MbgBuzJvyeP5q+ zQ~xzKNi+8EISK&_BBd{eN}fop5U1%M4S^jHGDvd=?`F6Ebw`pPu|R3qrzyn1c2K$kuzO|rX_WKa7X?+1|aOS=+~Dit&F;o_#m&$gq%sS$O+;Lq2d`EalK z1ucx!iE7J`RH+r84Gs3B6z@`;-j%O=)`7{mJm-`EPSXn@H8Doag|{22Iv`h- z>BTLIqG$!0f`gos9%!)+>G|=|n0=M;zgc^6ghmZ+Z@R+_3L`>zpaZe!sCHgNa1E&$3y*JX?r`trD za>bw=9E~dVyLIi8{`X23#8I>OKkl0o$$#mApcov(6VIVuas}!6B>f~k?wAFf4RqtF Ml7?b|yh*_S0Zgt-hyVZp literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine400.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine400.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdf843bfc7c2949198253672848dff666f43392 GIT binary patch literal 33150 zcmcG$bx<5_7$=CkyK8WFcL?r;;I4t7A-KCkaCb?96JT%{9D)wpZ6pL>4Pl?bJn#$JT}xgX zs%C=h5Lke-l~R?0f~rqMeKv;&mXTc)^xdJL2=T|hwv<0{HZ>3Er(=E0kN z{6jc|>G;LdQ%Ru(=21YhUQ$U)T3S*{N=ljp&OVjhzO?<{k9!=n<;r)35(03zwpS^PYRP#y!6jc-RZE) zox>dGuA;as?j?4bgnwt5`Vmc!#yO2m*>W(hsIZVqDW4|XpTVsX1~_By0g(4K{mbow z>0F7ex>6Q1ezkGqU>B~?f7jI^z1rmw`v^If|L{Y%Os7he`NI#{gUN!5rAC|oXYWzb zxC|OE2AK%mR?1+{^S8m~`=s+js|>|@B6q0^hl{3KQmsH-6?K2I!d|;#rdTfa zZ*M5#T^?bmar;-TrXL?p8tYnpA?(!#ty=lmHf!shzH)lv=VYQ@Ny|;2ujj_Bb_V0W z5l*198vIJ~fgH&}Lqq?v9KtwSEb27+h`0AZr@7sKr>Ow!_>Hb(fgbe>SQ4e35+;$z1f)t^#)Iq#@>0 ze>Cn~i!+)h@+_z2|4ngWzX%k>olZBFdLy6e}G)stc!tz$d}?Nm}y|G z-L^Uu=x_QJ2wN}>huh*;^<923Q_I-hrJ9_ zjTax&*&-RlJqnP|EwiEO+Tj?-4{e?^w)6GQ9I!UDgKllPfO1B82t4X&W+Ak6t80q$ z0CTXM+tHk2vsPFAxq(V1XMVX#7VD70N}F6&SqUq~wO8R;3=#)u^(3tSNOS;ZL%q6uDDJb^r#`jdFYQ zFUzN|mjWI~rZ~VU&Zyqxuux>`dy_=StG9P?vcxl&fIk!z+^xOTGTMM+uf9-gN(dbq-EQ+cQ!4GJ zPFdH>qxR)CUFC-{-K(eFDYHy8^VgX!vG!B>mh;u})0O5Cu~N&|j#iygJI$j%KLtKK zc5t&a1UM-ddDd<)s;_s<{q&^#bamSD{kvFHgJcFHaEr+oKOUvDZKFS>iLfEU&KD zO4>{V*&c3|Yzw9{xk~n0u_gy%3H6eVl8U~w8@ErlH68C7%RgN0Eops{^1j-|4%{0} z%dov`_f)_0`tBbbewW7bQ3(C?yL(1WF;ya&5Y1r__tGFrp<&CJUoGnCN=sron;|oV z1|=0cpMjTgC&2&7McBF51%NnjioNr%f}eO?9ycRe*nBatKh zELBX=awMpW#-S@tWzrsL@@Ad;sas9&e5+ldrs~{z%WplL6bxU;7flG~IuMh_2-M_M zdR3CgzdMOcir@OFBdpLeq0mt1zn(1m5rof_E3%w3qlL%f60!`1XC-d{fpX)*xJL^EbAsjz4GW-c}^xhHCxYe7zihQF}RvQo!)4;fo zHcDsJKfEd%yE86caNEP_EufK8Lgop4h4IUk#>2aN#jwT``AViqU_V=)b|Zt`rxi;f zhH&6%5!36sxs)Vd6g&frVzL8ggVAJKMAR#8n$@CGu45bA<{#WPzZJ5$t#S6c1J)j0 zs*@6`kbdgC8a1a&yx5tdlQIrl7@3r-00mVhqt>Ws$1#gJ=IRQI2|lF$_U3R_yJEt) z(xmh8ifdG}UH*9Ych)SPh^`}c1j4;P+kyjkDO{oBHwI<;At(s-JIaVlR2rmCHFA;B zsXr>s26ty`GQm>4-7z83Trz4l_iyhENh;Lx${m*)qOk;I6S2isJ>jBL-nn94hP@96 zA9w|8bE>K3i}rfYDMsYjOy<)mP45v2%4FxNJYhPe$MYU{5e9h~ie8w|+ug|+n7)8&!#CEI;bhv~1=~6!aItsnKCj({*;0Vh z+F%z6|9u&SFba{H%wnDp2fJ~Hf`IdCoiSs~6*q9{7CmFyXv80CP4d#&Ol?fj>1}@N zu|`pf-MP>BLe8Qk;jre^icr{1yQJ66^$>Y%R5Cnqs{>y3BZ@}T{aN}&V(Km+fy3z$ zEhl+kfmHwI5()ZC9M<0IbGq$9g^8Wd`5wsmuhA(b&KZQ%-7C?25L$5$3qf)S9*!1a7rR&b% z)@v~e0R}6JV<1GkTd&?i^SgjjYv15}3cgjj!t0=sX6iwX0uz?X(=l9#kW=nZU^pxb z9g`v9lb#^SRJ(D#AAB0CzS6|`Y8TtiLquOBhU?^QD%$rjgmYy#t4a0{LRY7y2BEME zj709Tv8bT;t5BWCz#y;3LN|oUVAcPY&S5xlXyjyC-{ZbxJQ_*q$2iL4am0H?vA5dl z-i%soEaEx(dS-0e=5gGNhDzOe|8V^1(K|^@(qW{Q#a;HCjU3`XTdrDM^{V=fL46{I zhQ!^J*yorXr9evii1l@b(6VSe(~8$hioWWdF`Lp?=ou z4o;vDVdk)coGhuLciX?Sd}(o7FCI`PXvBBb7fHq4c0f_d!x~d;f?O(*5S^mlF^?JsqnhuhECd<>3ZC}O7#t=Y3XzzU#cwa?i(N`gjlqaN%QLT;X$MQ`RNDS0{^sk#L2_5+}-u z3Cx-xVBDu*uZpaxitBp06G6rW6G5hNF^^y1R%NElkyxcd;Ajdd z#Ql224)Io3y6JSIiFNB|T(zp;I=;yJ)Op2lJjoesQ4*k=C`2N{@rH2+yo6J;#2xOu zC|4Ua{oPR)$5w{62YYlh2IKThk$-!E{)}qq* zQ2;5~#{Q2$;3aCn153qTVgCyT5+nZ~y8l18DNU7Rxq8lfbkeyBgxl)V9A}alU@Er* z&{i{QtiwW$=3BrEBPZun*VW{M|E6Tym&0%VcV9qWmozUkHRNj@-YN7dnLS&kr2qt* z9!X*NOgK8be^DgEYjt7v#OjtSibf|Xi5CDF6 z`u%ndrnlf0O+Oc;>4Oq}cKetxV-s@s|UL&=%@flLCxM-G=eyc@~nQ-P@*q-PJhKD{~A zuAz@7UGgko=X3Bo+{XCfe|PmwA}}E1<9dg;i0%)a5nTp#DkZ#E%J6h{V`+F)g3{fQ z6y@53{^*^Xg;XY9%R#i!42}Z9JYf%JS5WcR+r2*(xtLq(y4Mc+CFVrFm@=!E{n=`3 zD!(d;Qr}9e`$46CV>xg9%Q~c8UAscH4485>vwzv!vlt31rqGpuTz9k%)bi}^FU)^g z44^z-^r3utdF0C$v1PwKT8phN{jO6is~7`Noqky1uP2fNu^ELxeVhhLZly+%G_U(U z+Ew6Rbyx%pGYFmC*#3BG4|rb_#*=Y{=w(icb^BV}8g+lo zLm^~WQBG$qr;WtC=JD8l&Y3XxQ>!*;-gOa}8H^{bR9R}k13<)blLO)H@k$22yPwJW zda8)0)2EekzIY107z_$Q#>vgSJ?n~0JCXw#h?BAXpC2E->|Np4<1DymYtjdWXZI5l zVJWm;?-ngJ+Ro;Qv$H6#j=`pl09i}PcVAu?hf4Lj-?lhmeK(lnth6+~b44z2r*81u`yzTefrySpq_z3E7QGHEHE%z;dYeSEY)nJO>V`?-X&q zkEwP)sa?@4@3W?Ie_(#Riap}By(1e<;wk|hj^8>CZ%XyYNFKF+pACY?QOy?AJo2o! z7^qxu7Hh>gN#|x9Jz%8WC0@ol!W57+81*n4njpV9$mCkBK^fu6xdZSw%=Zl79ZbJS z4jgU)xQuqyV!hq$V0UhJ$z zKIy~sam&WL0*VKTVgTMHPv(it0b|9W(T6YXZ4*)Kw{bW=I^xq z=dw&W{CA}Vv*Iu& zmgmohCMD}b==o~xoa%_d8`Sq!U~T&4Gv$I$oGe=48;Grz1WgzmRy!_ z3jUqN=8c95-^t`O=k}tGVY$|}na}T|kIxc7zg4%L?9%4h$cnWq;A8yPAG*IUW`)mf z7wKcpyu?^jtNT6(e_3hW>f9x3q%(DBR{`@GrDQztp<0JT1 zBi!Vm7y#5O?W+X*uy#>qzx&`=_{3BJ0gVwEC*B%V!YW~n_W6(Ox+*xBl0xpVX*=o? z5B+?B>!Kp2hHW6)oyU4PcW;}p=wFbt0fOOdzU_dgyHhu3c!-52J0b>|%ZF`IY2uT` zdgGZe3d@wicw^T7QgNDd68_3_i=w}6fp1;0;XfQE^Vf_%whg;ehYm6I+#CH zG5XFa_K?#PqAEwjeje0YWo4x!(-p5lKVDGI_kR<6cZqlUwjYago(67ob#h+?+3u)?gEqSSbHaM_ zI6m&Yk1stn-uAiKLfn(lqhi#)2XxAsV}hqz({l%=7E7bEq|X2%`BSASbA@j``>h~8 z4Wp&jR5srYagERMuLiQipC4)8UM*MoFFGno*;?05_S~%Zj+Yy(W9QVvaEZs}am|9C zcQXFcDWzjMymMY(IGov2#5AF#E4Qz>bx^D_C>un=kEEIMngh1MMneKO2{tOc6ec7#TZ{zg{(<%Gu-(*5?5=(O7L&~l!@nVyhuK-?Sw<M!WD1SXRT;hT6|NZ7Ibtd=%tj z3DQ7Q$5M$Hc09z7qAG_Q7CdHINvXIzfH&74c%y|3moi3eZ)`{iu=oyqmvX0S# zwyQHy=Lfyn;R=U^T5Zy1PW|t*;jx6J32$QT7DeFsd$RALzJjj+SYC#N2zj1W&GGG$ zvO@0~ds&U-X8ri^Q;AgvP&0;k2&{g>SjSifzD3@^55dP0>cTJ%c%VS0&nDcATnGsc zm)xXZODOIi*J%mL`$xl;8wUEwxrF`hH9!Hqz|f}m)iY^vUc))IxZIZ0$r(dQm#7+v z3VI%V!aIYCF5B{J3At~y8Kd`}Dsv}nn>fX=hE}F%K)DST5wQp!iYAq3#lCsQT}n?$ zAro?sY4UsgOvdt~ zY2D+&JFF}5rsDr}TLCDM3Pe~SFSGgVFZqeReTbM=&XTk{`Qc=g;(mI+rSAFAiQy2! z@%#=!NnEM8cto-VA770k#;1a4V3-F1&B6|N{yNn@9^T@cZ^IieqDX{ben0}!DUybF z75V&#_GzUiZ#58Sb+Tw@s48YcjMW|uD<)Bp5=8oL0o^6`IT#szHqDpKjl3^(snI&a z(&eqIAQKd*nzyfOr64dv6#C+ZSpfgX!xfb}G6D^Qq5&*ZCOhDf&Jt9J$fd6+Stp%r zj?|CE7gK`fxVMAb!$PC)+|z%%kr60l7z#E}MRFnz3n1N8t@aXeTQRCWI56Ly zOGrj=z2!5~$aXnA=FRm24|4XOSplHnRE%tB@EW5g+VQ%@0CG1pS&PI0?a_NPv!GPh zp9O}~QP{NKy<-Ws5idPlPLW@kgGoWhc&` zNEZ`%>D>!!i+#p0Mx+!Ba5OukrVKTb(n>u3^K;T8fP37uE=m0HuVw3-=R1X@Bop6L zz7gks5sO^~Pw&Fen4)*PQbP&k)wa9$?@pUZ`wKYDX#xfjwVXMtD0Ss$cS-T+w@Jkv z1y%F-^L!wOq{XLU2(ME`z!f#+7Kr&q;Jj0zx`oR-1nB1UigPzxo&eeypc^@BnGUIE z5?L_5ZO}ZYM#^-6E=%h}?O1g<%aJY$y%sfgm3n8kAlqBNgz+fD9wS0)As0u(dmGxZu0CHkKgk?d7ieGs+84J6|}flQoc zXJVf?aF+rOj+`~_yz4Vf8Vn4)Q}^>WD!}VfkbEtn`}cWis(bn)T@olI=+C$!-cDOK zM)+<5avG>WZ1F3_8okn2HOQ7zYi%ACUH(rBMnr^P4G=xgAGI8GCqR)9j7l9k<+M_a z+>HfLq+w_^?lTEI#FgXo@~`dlldML!&-1_aZ{RD2QVH)aci<10))V81xTFW;s0B;p zV%f!h60KrG4a3ND5;Y!$1;3O7t-7$U%OtqTdb=nEN6t=cmG*9g@Es)+@XND4TmJa-W~}B zZqLc)b5IbxTwH@V(v>(Sa}b5T=ODHG{m&9wXEineLr2xxPHyNe{=#edSYwpFE_P%o zDnbFftvV@oexAdZ;^~A8!i7u1i0kZgd#kdLdl;YvgMDEbxRScRb`3`3emugyBK5r) zy$pbTHCv-x>@L7R>cB#&w41iL!hm<;cV1_8rQuL+-`fl3 z+}|AMcb~P(RWNiL&_)r?7v8%*TDbZ1d}gw#%KVl9OyFbfeH`7-($A#fHk_By9h`)X`^-8on!k9^zAiaX3l2FO&1biti=f_6)Bwl+QZ+6&i zz5vdds}Y6*Eirb={uZkdoDr53=kk}H#9zb-CH!Nuq9Ut_R@S;rpZJj9u1C`jccXDF zu&JLZ#C(**`^W>3V-x;#tKxOQX8m)+e~2oVyPQ)qpmsbzR2Nmh#b}ni*J^d!D|3^; z?D=#w+fLZ@RMv?^Fu*evIymWfNh2g5OsAEH6}(9XZpIJ z*LjuH2R})I7VTjfi$?$zfu3E*hcIh=nQP@ZBChBiRGK^V_mnw?q4Gc7OO~YRpO220 zsQLev!SY*S4lj>uzZ^`EKb;IfOH2P%>;o)Jc}kYdKVB#*(mR&3cJ!-GE|x) z4}Wmkn}mcR@3{x4Bt;;@7h#<}-cNCK|4Knd;(CGexdg^R3E*mJ`*wBNoRVB!#V~8L zIs@cJTmy_~@Y$dxeFWQd@~I8!6uU2Sx_msx?!K;wdo4VR8@AgrvVE6~Lmc6!c02!g zE>|87gCc9nH)77MEloA`3N`XQSTU8=$dR+(vH?)DRKIh%`ux$mi{1cg@=(d7->}P# z4p)wSAOB+9=_4mT*C!v7nQnFlc%P5Q54*6GVX?MDyf>~p17*DSGcy1>+of$mC*@ZN zFqa;JjHRVuZaS@ZNOgZbXQ$*xC%Hi!&lFb`&kX_hzHGoeJLBUZ|qxfZ9&ekAgy z%d>L(S8n_DdP{lh;`R-nI~Q_b`hGTZs|!WM7!I=p6qGNNX4Ir74JN!rtI;bPgd>r|C$CC#J4FK9dAsE9~^(H9m9iX7RJY%JeU z%*+(TvA2ch&|YkDdTDexG7XH*Y4bQ5-gN+YP6~kG#Ey>UtA8Fp-a6Ev;ESjFNrN&) zF(6#Xl-n|km}eWFr>m_pXO=WVyOiL^LO-E|^I{c@NaWX~?#y>sj;kQ4yZ`$}V4E@@ zjNXy}o~WtM3LqgSeV>&B0^RYOBDg)hvlnaqsY&mWJHm*Ku+Nj(Khb zu%siEOS**EkBNM-<9IboGqZr!gUbxVrj+ls=xs+*;S1t5S3twXYv4{c3B3LE$11;k z>YPRVb=NX$hRSfhin|)Q9KDAZDHH7+u<&?YBm-MEo=yn0yDYQQWTSD$c70tfh6sK_ zo2@hd_D_kbW>=|BkPG0skp0bkC$D=HNxxaa1&og<~uy!m&Pe#2-THa$rn zoQZNedx;=xA@%0SYa2f9jB2)MINed*rnT}>Zv_R1l^lMC~jb&JO5%S2eMZ^R=RTEZN$CNS@YrC6KFjR@m0RHx6?2U!4 zD%zxZxvnV3zJS|=bEs`k1a&1KJ8LH918fGvd>kXxT`fN-NK*g6?012sJ>b-EkL{;O zcJY2*j+_0HBitY@=5bV7byN;mgQ9>n2r~v9OKA?nrxFz<_jTFx?{Meq#$oKyA8Tfm zo94XhBeP(-RbRXdh4P8PxihSe%o9}YPD^R=xLZOd0~G@HWq|ShW{mlsu!WhjXbu+R zA&##U-`imKiWGAZ*06^u50*VzuK7eDxFdzIs<})H?I^7Q$-Um5V_p zXjTy3FNADu2LwT+Tb$O4iFs^>Pk#S*x(30LL1w<+l8{kVqA7@o6abgL5Kyj`Khh2Y z^0bGTYYrgRPyMo=wF4AYw>S?iW}V8-{CV+WB6vI!qZ~d5UC^FkwE-WHuS#abJkYrX z_Ua@1Nzss%%H!s*W)>z3kYeB-cm(VRyMu|me@gTr`oZt4l>PA>hFFmz+c>dwH!;8a zIwTQRD)_fdl7QhP>R(Q4!dYNZ>(SJkgMz>rKtkLT1&|ZY0l+=1FX?X5WAT`1Mp0cq zFEz;7gvtum;s6q9lKrM~8Z+J4Blv0&NZSAkz^#n-!w*!s8!;Y*oCNrhoRu!A}V*&)qLEDeaSjB$4`K2_;A&H!EnT|g?s zsK-K$aq(2$GsoGnRZh&+ry#n|w11W-^Tk-CY1Q*ZX#}Bs8uYO16jSK&Xy2n@8`zjL zR+T~bMl_9~|6M9RK%u@nYd_ZlVo!9eXrHC1d({Co)^S0WGVr+`soc5i;r%@EWI9_8 z$onAA(+-dVYImmyBA|*&lbwlX+ze0=F)8rMf<(ccKpJDoGm777mC-x4gE!WcO}{}l z6>an!xH&o?7xU3H7D9g@f2KtNWZS-ng}c=C;E%5C3b86NdWIo-)@E~mO#PUrz?9_w zbk}OTGr$E$SOtF*2Ea~w8B#21C~0KL;4lh|V3^?ca8$w>fZ)qf^@MMU>NgB?RT1A*nhu!b>6vJBY3vsDPT{ad0UGD%Oa~(+>=lb#3|{fyBC8(2jr!*W zSfJBvaiAGlkA0W4FfPoG50ZFNz;T4aKFstBn73C?(gr1+tz>>0e(?P z5iVMwnHM|(Oi&XHXI1#0+g!6uSmmuQ$hz;`FMI977wNhWHAebyIB?mxH(#(ZSBb_D zWekY!eDEVx3aiYe%qU6p&}+M2+jd#_OI)B+g;-^)@SX9*u5RK5*0EaRN%+1sgzUjs zL&d`9g&H({3MVF%Gy?8?iA*Gh_stFpfLn}co-yFWRN`taqi8*j=4iY)OW}@Tx@!QQ zzyn-bVuS4@JD6OCoakeubuwT{5YrB23a4VN7f5olnRMty)Li7l!Ju}Z1e^868r(Rc zXRsT8+xqbjh9)5gNWoFxZ$(mexuL-6!ljRdHz5{IQG;;lRTw#XF7uJR!%VHrF_p&| zU3NuMug})n%bqnTfN`DSN#+F!>lhMYO~oF?*h3GGhme2QD*IL>tH)=P=t&Kv^in*{ zDhaWTLrnnFld=OgdhT1Z`Q?IX;D|5wjVwASqW&uq5diu2_Go96mm}bP8j3zL$*M1O zlz#YUuBrh#0+V5L6`F^j_i=U0?n@Zpk6v9}9d!ol0)Nj(`Cs~`mx?kPGpm|=_`KF}T-}Q1X&wc{; zkCs~oaFm9=Lu|eG-&`(C!CdxDXT)))w)a$mpZWbL*{wbilU);7Nl@nh0WU|QC~RRw4&a zH^SHgLxUymzdU({g*x0X5*P4?5x&Nvbio2Z_?hivtx+<^da%88(Q+wPz*C(Q$aw`L zl+-tgY-es+f&#P$4+fu{qT8-Yt{tSq_J&!1?sX*sUs=|%>u;?vI7wG<+_Z||tP~*A z3W^^y-+e`MDzch6e)okWo>UY!RpFwwjP>)!`HdtgWO`P}x^VK&kQC^yClL`J$d{mMzyoPYk%<0ofXBUIj0GV+f+QYX3fSKH8Tun<4x_jgbFo zaT)%+-kcvv>utXA!LfP|KXGIK*6pzgECG#%%b|Fi}efuj#ZhqaJ;II6iFq`mm z6MX$l{r7L%_4!T6ixZ-UX&T6fM z*dM5r!a!bIA-@yp(4!{v&_~TkV%NTsEygRp3OWgc!TSVPiz^Fkzs0Re{AO&B$eWi) zH+h*Mg|1l3wbVC!ErDU5$y;69@B-bSx3W9;Xzo{+NmUl9XYHQho`(D#z4E6fZ62B+ zR~up0;QEC67BDJ?0BhAn2&5;BdNiY@Qd3oM-UB!H@=7l&yYqDFZXe-nv)>2d7+Lxt z^jefxS5%j%_W%Jo{$)#0ko91{zm)ue5jr+Hgqm2Rvrb<*aG7B)bbMVl}CsM3+Sq2mPal!JC#Pd>h z5j1Eb2oTK%1$hwpQNW0horKmE6)j6+9q8Uu@6;hVWg;z+S9E$7@RWN}uv)=ZyQtP} zj~|U>U)=Y%S?3LN1xc`|&e!{!ozkg+_yb%mO#3L^FyVbPDm?_qu0| z=Nj5Ko{iNbPbme7pdtBtE@L$tH6f|Ng6p>3E#S?cP%Ygp%6c`+7gr!brBDI=wW~IZ z=vB<1U$53d8V==3EuI+aEx*s&gpAMm@ zC!FjsT6mj$V^5;S{JSxXsH}u>_E$w{b?b<_&i#D9lb+vkvRtjTds^#S zv%bSO2sZl^z=&l_yDf1xh@uk86_2g=xu2IAiw?B4stQT-q2$Jj|-s^ok`IW<2$D=mxuKZZv!rso+>Ec0_uYt~Kg z;&AYu%uu{aMuc@8PK5kQCD$`JxL4_&tn)^)8g40m#LI6tCuCKTT`Wac2@cb=yj3~j zDwnG9J7<2uozC74UpI`#rQqmxtbotX>9}L$uh7W)uZB)}2?OwV`+A)6%_7j|R}*2D zEYnkySaE4iBZeam7?i#uwQPh0=>oV26V;q~qkWEg$h=mf9P}Dg$p$mJ-T}RBEP5`e z97h+im^ub3D+zR;xc-QjTXX2u6{?IS{y{VUyxQiWJdesny4r_cemFGum|0A2R>V}r zjciW!dFo`(NkOHrj^vwAdbb-H$?Wd5MzHqqFh}f(*U8sfR|KiS zk<&+f|%2C36s|G+VQ&C?nK~%(8QZ3cNam8cO91|38$P^jcJHsO-PR7k<#@9 z!i@wXjbRbd$CsVZ2MtRBtnfYNR8^c{IpOiCoM`zPS~L;SSBKB{90!6;XQa~ka&Rmi zF1=!cQle4X+l_CEBvs?3LvE1}qYCBYAptMB~&8 zq^Kui|B%+-%J%>3#X2-UyGXj7+~DF^2jlH-5W1hQNZLc;@Yumx3FEEU6D!1+RNM8a zR22s(*Ge3S1jtp`t3yA&5yc!W)E2P9h0C?pJ(}6o{U~yGWkefNIA{8i!CO_ic-`u; z))wh7PjPk`*UOM7~4VX9(NdN zSm>7=!Q4rFx9hJPn5``@%Lg_x`Z>pgffs|2+%wfjFZYUt=ai0LeO3}6+dT>JpohG8 z>lmFN`<$_3C9d0Vh^n#6)6RH|gq6^USpVk)I<;$2dNSMG4qMNC@n=DZ8|K!cuRCVW zTn<)F8bzyZ1)>?HPt?8Kd;DQ#7+tJi5m{CFiQntg3OUQw3)D>gF8^gcXVzFy&{HP? z)^oyBb7O~P$7&~Qv*U1PX&=^$&V27PJYFsPyA>N_;&?y1)4M%9+7&l~lHlt+1^T?J z*qqI?*#1W6(xh2IB-XdPCM*cKE3xOk=xY2926oNq5Lr8XG7@DZIK9(f{p`Bcf1C|Y zZfSXP(3hqA)OL{I=pj!@sDB@6r{4E&pH&%hy$Cbg*&m37ncY0!O9V>e( z*2Lx75YQ-MJ?;~fadlR3Da;>Q$!u7tFXnYpO+iEwXPDJna1t`^eX!5_lD80VxQP+# zZ6voWxc%!ntFFpi%$+^jT!myH@pRJc!PgIV@cZ6^k1p*y>GOIq0*s0QAroh_g}dOU z49?v-VZw|H1`%9}tKY(eC!PNEdWW1_diLM2PF+;*d&m=1|GKv*-@C5MWcrPWhPLA7 zsu|VS#E^bHA*eYM-svKx$AJNFq3iupI(G)EOBlR1Z;;HkB0KtM#B~NN}N*a>*uk zXO+@-U1Z?bUCs@_5-`xYEcEuVdNl5nz+~Q}r6~3wxkloN6+(_^B&2c1# zMo)`yTVy(+L3d$rQ^>Dpy{(aC5B5Md6%rS?bNaX>!P+d&ydknKGOk2G9~J4OS8K$? z|Eds2xfIQE{NROZU2k9_^Mr|TiNKPOG!(H}N7E%FrAP0WnsKY#wdsD`b-GBu%d^z? zu|vwcXM0FQ@g+&ayQ~L7&7D=eW>DqtvcrY0?qmG5&sBitDL*A?3r;}ifQz4Z4vR?O zN&pW;$jt8k$-8mpIBqD~{{9SiP!M@5QlLV8EOxI~v{sX3e{q#ZZ_*kr8NY_dkww8a z)6FVx%=DgLPyWK`H1r&92jdUimVlliFdy8sGcNk`8jygvIX7!={q6{g z*NF%dEw_0?Rv*TAwQaE?mLfa1OkDg1t8sA?pTlwzRquN*!~7^@T*!1EEJN`_G7gBk zeDwck#1sxM>W|pJ2x_WA@&9OWiy{m_LbbdGl9LsEk(etVUx_LG?x{a~*BTJl2EGU0 zE+YbiQLATd)&4aC9nM$h?C!V^m7sIPKu%Yb1!_ziW&Y!2{ix2to5x4{q}%hqAy@|Jg<#&qYHYF$Zm%;4bXc#aIytJr=z&zTN>c{&6l;hMkf)`9a5 z#>A;dF&(e%Dz+K#YN=(8!J)_#@htbc+#V6o1G-TN{x!RZzdgI_ljEW?;4|wCe|>Pf z0K!AU9!Kv^*E=Htzn^~L)BL^GJaR90)92;pvM+}-Be$Oqp6zbtkLUJI;qdrSrce4H zhkcIqj1iuA2JVm0ryVEiXzcQO0mntKa$V=X0Sg#C8vBDSKzCnOaz7p3ufJI z6~~`p!pLG@b0*8;pAZMApzzs$fm1*U=LHnT(JUSYd=8VJ{Y=S(m1~^jpNu4{S01*m% z&--MNi>U;NyG#LEU};IvK{$L8n<2k2kOpR*(Wx~NYekTYX?oQzRiMT#0)mGI<@Df6 z@Y8uWhk5g-KT6v#45EJbLI31ePp6F{1Ecea0tt1tz{ljaugC9QxBJuX(Iv)3r+dI-mKQI8uUe2IH7f_A)-SeE%5!#Ui<*vIpjJG)KUBNGXkZDZ_+J*PZU= zv?V_k$i+OC`TI`4+N_zYxBLqf?f=%d8_)jp%i_U}*`Sn>PW5PM)nJn3MrqoN>V%qX z+K$pi-5%%x{N=E~u8)kaWCOh2T9>mG>gviF>}g{8Cof`h0=3M9Ib{20f9q-ZQ> z3@$^0o*EFf&G5b6A5ZbZegh(fa*Rb)m#Z3rUi6LoA~Uh>{pc-Go&SM>Vp#@ory-oh^0#3?SxWxxnhpbXFp1_JJqg!)vr)?1IPQU@?&8m1afm6%B!b@>_`MG8=G;zvsvrU6Xeakjk_khh`9gf`#pe&iTRiLO*q zVH6GKN?Q#w-@B7!K@DBI5=y^|V353Dr38@$GeE26*ixIcLB1$gWRqdPiq?xL7?e^o zXTRhDVPuv()?d^vmrhh=ajL0|x;piu=>=Yr);xoynN^&A&!Kk21s{jgf;!B;brhmm z#-4W+$ry3C8*sAZHTm&(CLyboY1d<$h-@AqR3W@i<~4NNd2eQ0kMh ztkEb6(PO~saPEF-=C#SSTtt{e4n_%whK}iw<-k~=B0~Fn2s|qlpT8Q?fG2 zSnNK&Sc6EgU??zQI(Zlvcz5Xhp+d+VWMq1`NK#2>Vz;;%rIBcVC&k@U$pTQ9T?tkR zaT3bhQWBFF&^2`$tQ5T|kO=z2Ig5s|2*6=x!G(Q5+XrDPL6{`aj=0wMWjOMmz1e}~ zrJ?6VA-dA7YJL`6vE_!Us$oVIPt22jeL=32*@L68nfykZ%^4tiFw5ry>4cp8oWwu^ zQgbh<;t#tioC^={yNY08;1R0W>ml2#Gi@!1deV6n9DouipBj$v*(9RVUP(9CrS#!p6W%>X)k!M&IqK{Hu7RR}e zk=(rU*iNVb!R&INyBO$$4?h(#5A_Lo4DnYg)9h9 z7)Cass*Wor-H+-{dCBiEuj1o~(2p(V^F`Bw$SLR|qG!;3Q<(K#kc$gOEYu{ff!>yI z82pUYv!veEk{Q#M(DW2G0)LQ8VH77X{FF9=f&?7S%+s3Z#)t;e)lk?IYwtCcaozUa z`HK4Im0#uqZL#msDA^z2oS)rYGr7OI#geXzg%>+IYtQ2k9VG6e5|yT=}V<;>B`odMQV!6+O7ji;0cJiW z$F%R=b3BkAd?-5nwbNP~zpNOvEELmax1lm?}wQ#z%kk&-Uyz4^^MyYue6v$HchJG=ZT zgXf&*JkNFC_x1gLKNrz;Bu=9d+_&31p=%D&Ho3+lYM0At1?b^a&KDG&RsaF03Q)@n zq_O)j1j3@@f>`7~FM7#ePIlhk?f?VlX7*!u#PoL^rgT9c2T*phWZZm>$lBNmHiUo`LEp0c9@*?Jvq zEDSyhpB}mOO{;J()K0Akh3cKS2Ix!|TlB|Hw%ISfA1>i>yV5!)oS5}+D9rGeZS}q? z^1VK-?K6|vTrx<1<%Ry;tgO(dVf35%A6<0sxYStcC5>4}#5n4eD@b;#OTWhO;09jS zN?k_f3LP1*C8^(ql|Zw{m>gWO`egYvMu|m=!}NC*pL75m5cXMRjYVMU4;%&Wh77})TkCP>gFRJ+c=BJW!#!D=@m_0ei zEsl;sCQf_dPoc4tV#@8Gc4aArKjkfow{4QUg}K;_N{W1{C~UHOqjT6|!0hd2M-~(~ zRm`jwtGl^%pjNfbr8tn_HT6{nWoJAHVR|j4e!5MD ziYCdawH{IPyTP{K>FM5$y={<=aWWdzkyr&F5W=%#X9 z;JcyMk0DvrE@!g(+`OYE&UUxBxYML$kS#}T733s zJUQlv?PK2ojK|n|Fj>HJa7VZBbSjV1&~|&&p8w;CQS;+?jy5r;@<3u=ArTw#dO{l8)sUw}Ifi)u3LeKcbOCgGjTi7Zu1l=iL7-)_`|4HanI4Xgzpd49CdZ z<7@GVoSK4Bw<&CMf6vvy=Uux;XASMWv(O+9wPmDg>ED73FnTyq_74BB#vj^-(^;ve z3?KCSgg&{Eh>ACy(Ooc4fPQ!Jwk0fmSgH-8U6oF2& zYHAW6anY5f3Ju%!@3Xv;8jC5Bqjsh#d2;i9B}K2ZKY1O`NVbMdA|Z8F@$5?YtlEu{ z{rkGl8#hOJOX(0 zJZ9CJSh<1+7JXxEuTw|%qEKX%-Ux%&Sys2@LEIsdlEM$zs2;$pKt!GQjK_<(rQP&r(U*rg`8mUC; z1wvRNM~H|95j^`pD}j2Bhh(ZolBHaf`w|_FFQ>@#5tUxA{JqNvo8HH?zUK}b{S9~G z8m8e!x-P2ov3;Leeoefp>9?*l6Og{!oG)Jq5<|rIj!#`9YGn^af(tZo9f5>u(i}&R zEXh<++PQX%dFQ5bkPISA6Su0|1!Kb_wc7R|2{MWY@`eQz5SVpP-bv?nXSptX8lH?c z@HxRuRU@^Pd%H@llaaA4_39XkWfh&~hR5jLQ$l}?bLA9qPCJ6@E1%m*$2-+Pf8Z41 zxk|mQe@R@nmKRHlV=5+;gXhm9CS;8qE+NXtF5TGeN@wDHb)rrVBci>BrE7@vXJg^>1S1Fc+;v}QX(Mui?O=Ze> zNphQKA@Lir%SDHW%cFHh%GY_GnB$e}x8ek2mo*7Rkgig(@#oX7Q6aME#bgM%78%Ll z;9=ulFy^zTdGHLuE=er<6vOrnXag))Q6e z!b2(2)q6(sPE`c@8j0344z%YLsZWv1esxlMCy)|Lr`Hs)!Vqf=eZg@t#EURrL%W&fZsBf;A4D8s`n< zug3dq=%|>vIBdFccHn56R2wyR@kgMaHLVJ`BHq!_+)Z#-i=!mxAn9Wuib?UmL{&g_ z(>KKZyt5^(lq(ofnpPu;%TCJgz;E3sAeozAY{iazj!pa5B;elN;2wvqGY=)I8knhQ zXUJz(0`Xx>%+1YH9ljOUPtixjcBj0Gn?=Rg z@5)uJR>#`IEJtMa)u&*V2#xU$atVL(pEnN)@H40+=TBHXz&t@-j%M~LvXI`h6)dpJ z({u4P4}FsXJ{Wx{$lTs3F#H*EiwlnSi$!GBaE` z8Oo!6Eind1+CDPoRIWz^GV=JDdq!QNu z(8QDi|E(d*DDP;I<>3UuXP%^fgAc`G!`N?-8Si-1tuLbaX6luia-Zi@q8PzfHSC(f z5C1QSynyJ69)dDMpDSsjPv8qoblE9iCxJome*fl?2hEbPB!70n)1wS z<&dZw2m>rDnfny`C~7<^Xp-CN!ySUo!)S~A!xsvz?V1lvGk+Db&DA{IC~%=HImaD- zFqUj2bOf`EQ?H}@s{&WTW`~x)K;DxJEDQ{fG(*B9$(>lwinZm&eO7Y!-ghVHOUfU_ z806$jw9BGv`E23jyW(PJX1Nv(*wahtYRH zNPhY$gBtE~|8E0YxZJ9|0}16q+lk8K$?JShvorqhb5h{DW-U@r$G~Mm?;9tC0Ni@+ z1GvNIY=~l?KB__ZKN(2r9DOZBQ-I zP+@wlUat}>lZ=Ilb#);-#Wu!?H!A3(_HQP7jUG1+jRhTL1BU~G7h-Np=GLuAh#M{R zbFKVawRfrBW_!T{8b&CM;k^9ps{Z+$sm(U)QkhOD5>DIa2)K-= zOPE9HwftVux2QufoA<}QJG!**U>xi;Jz=qEhoH+dQx?i;Th_v#8(|lYJI)8rWM5H@ zfNPZ!oOrmfcI@*#P(NQ3Fb}pzR7O>{@SCE-$>7ZCdNB{yN&WwUhY|S=K26N$<*!oX z=)LJuHNZBjuM%&k*j>p9zPmr*d$Oz9;;|s{THLrjVfn} zdMr~UJYxUMQR9^W4Z#M7LVGN-xi?SXkK(ZZox&iFl>92i8-Bw(vlA;-gPCWto zo3_WRQcrpCg?f9o-YD`2|Bom1l)|2YPrRsyk32weNDIdySHAK+(gHpF_dCGc>M=&O zw^%GlDdC*yvNfm%A_D4wSxBEFBJLJ=4~~vm0P@4Rdl5?lJv3=ioSiAp^A+>f{A@X} z+5B{z9ee)rqka!Z9KAxU<{#CxfyKqeHuD^+GmU*6AMp*a3LWfDgDz_T=BokVlI8i#gg9i$^`Pb0^IC1RFPoNjj}=xbO3;EnU>El^|z ziHDv;x~^6{H`E}+9Aw1|XdvtG?v8ZX=Sb`_XF|O0=dXH>UgfOxN#C1NKXCKNdA*g@ z4+5sFg{zmEIcWa))wcQ)fTH>KF8PZ^M-*edIIaW?kN_nPydPGTitTq z_`{p!!m75fN;-@hMfC^%cy=!U9&sIoSZ1lwdFvHWGHT68F=ry0h@%B@1>YG#Mh_** zHG`7bjpAfWt?~mvJ!*s8ZdyZ`vKZ}mN~3X z|FEKyD;f0D;0cxqG5=rlZ1C1ncD4@@<8lJx{D56QzXh`=8ZSw^ALlyAQ?^6p9F;8& zj@)qyWqw1G(02lyVe?xE%SCq;uplq0$LQ1xh!m&r(Oy5%Ia_2gS3dPyAm#tpYWcs( z&k=o%w7$Qu@}%Ltv|rE!KJ*=6X$3-Go%h9ubY3fnA2B9zCTIqrUSD6&107WV-Bkp& ze_W&Y)geb28wfw7aqceAfe)y$S;~UT&T|X=tXiM~lmN5vIpA#$HPd8k*MBtls#lQ? z{;wGl+v$?{a{5#Lj^+c^;g*&F358}M&lOG_?ycE6(H3S z28nqb8i6P|#z>BY38HXu6u`QvJTVhNM`R)#i~Rj`iPn?veK1QzaIL!^IN=9_^#J81 zU%+l={PJM2)U-3$ZEu=op~eEmY9K+b>uvqVG>WU;sR#gyVb#OC3*MitngUPZF1UH0 zs2fk9t|w*A4WM045Rg!#(e1ubi+oZ&yeB9u0TrU9W@BB36~;_Pb95fMK?#FOQ3nM`LpAIjXo?PY_*g1Ubz!Vsm_JS zonykT3?7Sc=IrAxAcuRs_WFR1C{0cL%==Cg9U0XR(+((P(Lk`Go2|EBlm|;={&cC% zkP|_96sV(-48cC2F^=o;tlJ<0n=&Df3DYkP==M|yKrDlam6Pf7X!0|uXW}wAgL2>0 z0BVKzQR@}p?^yG)hx5xL79bF#vloIVbl^Dc=>a^MCPYOPhN1coOn*_p@dk!|OHcG* za%rk=H4y8|M?}Mqw1O8DbX+cISoT&4eE_#rsY$y(FCyRsu{=d7^ogn!!2_-UY@+#K zl~FMQG?_RL767!%2ZFJRK57H#te-wGyle4%TCaehNK~ki^NyVyvuw?8m?_71T~GYk z$rIQ%w$5sZkr=y@R!tFQxs>J(kSQO(m?Qx@R?A0GlDZR6@nK-G;y{;wDv_UBj_Xd$ zchHWQpL(by5!=#105;6KaShb7gq!n2HO`cwwzI!Gb9rJQj2J0@TsNA=x7c>$=JoHG zR^V|hg8OVK3gEUr;;n&Ljc(b@o9T^NlTtuQ+T7TXF&6g72g=nP=Yz=8iWf^QVx1EP zt*YYs-5y{P+YcpI0BUj4Mr5^XKQ`HTdye0wB`(UkORyb~ZQ{L`Z?^T$S341!+B_%d z+Vnz(_I;ZD_LGe;qNM`vq%s8UYsVf$j*Y~;KNkf)yX_(XPY}|q`|TzR!u9D8*Fixn zy;>0!lv*N|)2NZAKQE2PPnaWBVnv+(LwD_;RAWcL(Ub#>tvnEN8Bgeq-dacuWZwl4 zF~7_6MyChSi-W~}V~NpBA+;61McKWPOZ&ymg=qN#Pzi=g;^}R7CmA*$f95#+ZdP*L z9?fenQe9Ifshx?T5)0=mqkclG_GzRlVv+F|_*~sdqqYIrMEhXDeJ9}YHV0hgHpdxV z*0&(RRSE#d+A!uZ|26y`=yn-s?SmNd!kZjU&ChLD(&*LI`t=`KI1HPo#eH}U8yw7# zv@-zGGac-(R6wdJ#Rlz$oZ*7~{p6TM-}JaDE(VF5en^q} z-5juj?+~B>)(vJGb#P@9!5XkPS;*$)%aEy!;W?b0|At?p`ImITE zX1Az%hxzqG*^dj2@h+{&(O}V$KT2U^n$1QO&iD7f`de4r4eC}YsJm|GicTorbh9Z( zuhjhX)niF{)+Kh&A9UynB~4if*>xj<>qi}I9{(dQ2z;1^1&0gZ<0W$%NPll?Sj_ez zeRz1_x8Ku!+u%S6OhVBge6Nurt{5sXt>Q5$#&hBb2`-Rm=Dx6PksyR?1-wg;1ibp;+kRHH=?Sol`T?{oPPt%^(V+gre6{Ks?*-5|C#3n~=u|ZVQ1J)B>db zFXV!iLnp?gUnbZa!2yCHn8@pF1In@41d?;)`6zxn<5EwGJQgKys`Y3lt+R;GSZk5B zT6^NVNwAz34*PF4;_3m^^kOADNDE5-0%-DZti7oRzuN+oe;nI9gYE!hylzdNf|h+> zmM+i(X$40O_r1Azvgs;?Bv$`ReX(>=uLOQ!Socr7ZieMCw%3^P9w}TVMWvbBAWId0 zLqtj{>-y^PgndQOj?wC~CkR`y%!VJ=Nh^lRL8;o6Db%jhK!A-tS*o?FJ$YMNJa$b~ z?mCuQaE4NTIF&~(YW14Sq)pcA^iNVVN-qh>*A1r87f+KjMKt<8(ZkdE9sbr=YjPH~ zb@8s$TGir!)mFmk1-WyDm%0@&d??{lIT)4sQEy);7;|?xTXkeH z7IXS>gfe2CK}8#^{{^Gww;>hzlfXcPaHC#;VKb&R=J31cNFcUdrHWJchm`#&PJY>& zs!8A$kOwY}m%#EAed*lP4j=)#UzD*%F(kZy+81hF?41*{O>|=?B4v%GXEOFcg)a$a zHDFVu4l314!XA5y{ZQ(ZPyF7~if>yy@sOOwhciSpPEqV<&o=?!6Rlhwrx@=#9D50l zc;VGbqcZ{#msV!=;e>g;WL)3OQjwNM{0i_<#j7KplG*MpSCsuk59C$ws~B-Mw}iVW zF`TVTn0dl+NB@yfqyR>TT(I?qY=xe??~K389ywmHtJ3OM&td_G5|`M2noN^LYAV10 zuzeHq((m12t0JIrOEPbcrD(86fIs{x;OOYc`q+tL9wi(4lz3;ZR|gwK4tS#HQQ3z# z?)$rJhe&`&4RP5Xu=r6gX+?Urt z0+%JQDY5H@EBQ7!EaP`R{(QuHQy;o62z*;^JzAw&cps)qXs?$2Zv!T25a1DZ;NB!Z zARteIu4Ene5git#VMSGLs{90%p8x1tHsH~2Hqr2ZQGjxuY@}(%(>`lADliN8{t5P97lijX)bYI@sc*gix6S2L{r%rEJm4B!|U(WhWe#_){Vuf|6 z1Wo2u@MT5_{dJfUXDtqUeMZc&b0vYS<;{u1|LXh(;AC0!SVOU39jml5wjCWSwi`t; zlehpP%e)QNmPG8Z#AlpCG;eT`T*l5e2XycqvGi&|d9F9s_tGkKAp#~i`Sa!5BiDyp zoysMz7hJ7hyi{86H=rw}=NW}h+S2CZxXI~Dc5nz{bT+M_DDa@adMEN}PgW)ZYpXdU ze9tLc?@!|gm-#Q0qz+4somnY5uvbd>UfCJ!G#mZVTvz6Rs1n?dCd>pdF`G)#IKTE?snFvRuel@Tl=rNE24b-B}70Xc;6T#`U80lM)kIFE04Ov zp{7zI5u7ee8&rm6)q!!_K!$qGgnMH0I)5#jHBbR=k4!Ru{+MMsne+~r(DiHqc|A`O^^?sX`L@rFe z-$dXOHYE(%_o_Pzhn5E>CyBE+%jE&9H2N8Xw((Xxn- zL3XPJ$y)0igA1f93)kPzz`f;L9@~Nnp01u~YG}SI6dg!0e<{);XrcN>o_Mst3ORF( z|0vjn%kMB5`e!ta!(w1`tr(nfC$t?%FB%&#)`I1|Z-#BP7-?RA)ul!63zSb0R{OA< zmYZiY4AX+4d)B$x&i8NojIPlX*c`TaEs+AlVyE;~lDd@#h^n>nt$c zG9yRia2gAruDkY_v19B0gb=a0WRK*P2HeY84J9YpnK=VNxuJG2i%qbf=){BEGrTk8 zA&zPVoFN;#`tw=YErEZ8LwRh#LoGx3`I<4wDVFpB@SM)0zh{MqH_KaF6@x36Lq+5V z-7UToS07ieo??}y5F9Az9Su=kyC#Ytt_6t>C3BQ*n$bC=&Q_WvzB>eajlx-+yfAMd z!BvN0{D~Go%nLr(dtAq;r}NPPR!JFshrFQUJ3v9zZS(ayl;SEN9MFlRLDtkO)h4O{M(gK|HpKRI*5U}4MiHa+b)cpzuaz>#gBI8JNQUZBvQLgR zmytA-nas+#v)7A&hwi7~31pdY4(v z?;o(54#Itz-W2^c{APBKT(hK{%&PR`>hD@}ws`2Od$5fZ3TiILvNNhtk4d#D?cvYS z!qm*--Rm?yOGPe966S*O+?M0=lO{@&CYQ8I7sIjmspjzQNFuhPZw;G9v5^?|Y_Iop z-I9`&^(qaYaP4l%>{WiTONyQIkehY7BXKJe_hJA(Zxv4jffogMt( z!UjV=Jn`O#zKcmWnLr?(+&PfJ?O1}MV*kd4*QGl@#UNpkJ~N0U|5RfTX;!+nROY=A zBPhoWPOCv|eU?qoJb30bz?X2q?CjP$F__QWMl*|om)5`tCVfRjC=^afd+ggJ8384g zx<1|BX4B)^?+CijkK;~G7xVc90s9_QkMld8nHZa~OrdC^$Pgp;a-PiyDopkyFkb)) z<}ysu)LWXyZp>p=BR;h#V|M zN%;;(5FqqAg#@%ng`s%I#E=QbzawI2IlqHAJ;x&D4n&%V;kFim?W;By@i)*qfRRj9 zHy_s$`A?iF9N~FgsoY+=RQTOuPiE9r54|{-2}elz>_<3kY%=r})wmbe(&4btS9gs* zieyGNnH`!ki(HTE=t3DmJ}u+fGMp6)*cHj@J(b3KUU{*vq^bz?Q1n~91=xCqwO;}Z z0B#`y9QXtVO^$)T5HaAk8hoxCqRRLTg};B8CElNgc}?WY$(1tL*gbcLcR)Gwo34<< zAc-Q6OPY#U7D2>^A+7_OaD*R7mBR7R3^x&!GgS1)W-&bEeO$J*vj=AMTB`y4tgqD! zB5tQ#x_7Oovb9ymmT@DtataH5_ZuPCHb&dK6_KObt@`k-@L%(8 z_`P_zE-wf?xOt4whTv;aDKYiKnbavrhOk_)Wz6RdPBw>9OqLrMG?I-L1pT=~uqifm zAK5*lYgD{d!@vZc8J>l6uWWoQMZi4Z7yQ1V$iI+$$yX=QtGNADOQf z9L8}*GF*G>yr*^>nSz3Qt1*T}QNMXKn*Uu}Mh}0Zxu)gJJssqM3W#683`!d@_}N5k zHH9SSb@_|kA3x#YPV%==q7hq5E$=93)HCPkWQ)}9qcH>%dt#`rqBfWsrOKZ&8v~v- z68&M$Z>jYtFo-$hNLq1Gt3Qv+1hYinb-Lz=c{htjng8-xxi0L}<*-2w@kAMj1mtf%X8-oFd|zy`(sn8e z7MnuQas7=QmPBA^{||{UyIuL$*Y!`J$*Rp+tnSiiq>f5p1^=j-jO(J=g?qdcX*!py zTe^x2^{M9lA|J)-6`0Mi9D;;|tfl@#5IuoWO&WB@t@r7Xdt-?V`;xWBOuce9jwckT zhcpLZ1BshLni8rSB+^te9;B?jBCz>7Yo%)%U({DHYW5E0B=MAQt6{GQx9!-U#Y1rk z+i@sK)Kq>X%7%(^zUykl0F5~5^cx5q0*}azoyyvvxHozPRy#CN_6o4xiH6o zSKxl>yi3~YEaBIl3zB})wq6mqX`hxx!L7(;p;Kh8hS^HPAxH~!S_(!#i6(^;jZR7b z%>d!lb}ZW-sF6063JgtD1zXKYIo<6_fKL*i$EW{V>)LDl9cbavTtl#x@}vvFo?_+C zD<43J(rFCQjb60Ya-gp$a1E*tY$*j6#}-+K$%6c8TZGA2voE!dNlD&;)UGXOhd&5` zbDorSaLiVYyhlV>)a0W-vM4&@ zc_a^EvX~A_m6w2;_qNS9EgC5?nmju?3|8itBhERqR9}`74IIe-ao%$bsyp0&l^b*e z2)pfUeM~fYytX(9Mp+_ID`7*Dgrv@rkA*owF}6pxYt&9}#g7Aq*A!Ffj+uSfGQwNfKznYVwc zt<~qCY>dj6FVGR~IKw`0CBs6P=xzo~QgPgwEjKtD4r6R1H)wD;2;eODqrRCuwHUJP zxPhDYw6^&0s+HDW=ttP4@q)rF*HN+IRY?13+Zu@?WwJ>j^&gXD`;pSfk>gv9SD(6b z-mI4GVNt+lV0P2e9+dI z@iKc^F=Omw5#_eW_#ws*``H&=odyB~w2JN@cyzw*E=j2(U#W^Hp#)W}O=b zgzz#z)C+kL1Kj>t-iEj%-J=N0@?PFSH&lN?s}ZB*9lB0p`_wQe_olRagK%TGCthcp{r#GtF?9X zxxJuQ_#DS&ZdSNzw*|5<6Xj`jmX&0DI5>ewpjV*}Y%j^aoe-{4vtOplw!SBRJIA!w z38W|MDsNTc{Kt;63karkQn?~ekc0{1H?>uYwuo?U#Xq^V%t1z6fZMdoD&$2vQ_63t(dBq z-@ycI^@LsbF|(Td!a0|kB%QzX7Y-}&>V(Ta@42tI#hq@`{h=uh=?%UnySiKCY?7`j zhA7osw``o+opX=Nsl;AGOtb69A_lFX3KK2)PN~q6-rymAi$~+ZBvE9Bm<_cM!Ic6v zn|sfI=$Cco3r>B|LopYv8n>FCY##{Uj&%_c_q|?urkqGaHX^!8581?IgGkId?y5S! zM?EUrR-r*>b{tHF{n8`!xDR=MnD^sc?g4Q+;9hMI_DY!2#_rE{?;BfelXgFe$iCXs zdG`~z-s4#1>wnKNnH+C)>bz2HseTM~o2@r3a{W+dnhW4n7hLBtYIniFvX-6imJ?0Ob5WYGM^fJ? zDl-g39XwNS=xS3mJNMQz#$R^RjWwz~JkFD{*VWv%2?gwt4TJn}ughM4SpY=6zvZcW zaAz+;{4)$NfH_@R%|66@YQLjPWHetcjV9sx>4vEWsGGJD+*g=~3P4mcrQ=gIgpu8}MU6nWO1#1VMBADIb1Dp9Mw|2fs}TsY z#eQ4=q4#j+r-Di9F*bOO*hi6uqsZI{^B(?@gk-=4RzqM)t+#w$6y|X9MRngPO^|t` zBT(|BF8ge)?_&R((;9qDGq+mT-s>{USjOS05U)n=dDB+mMA7AgO+RqpqSiWGG#F;twwN1jmff@Qn(np~;$_u{}#nJr0AxIg?k;|GmI>nVaO6uNq1PHcjRP`)}mDDkH1mJ4Ln3MqWi{^D}ODe}ttTJKIE}s0}^IaX5yQLUYFTo;)RlML$q_8HJ50N9z9MZgap>`VT%vSB{hwh zJS`UEiv}x2N&RoMn?rXk(~kcvv1%@OsqvM~S{k0!N7_b+Hb z8}LjQ0w-FSel{MA<2HGCZZTKN&p-^9t%As+^A6;o2gyj~J9`29+U?pf%mau`0m@IRs2O4N{WAM-?qgYE5uS`{b32pHV`#;3f+QBER0rdahfe1#2eb)6p!+4rVj*2<%GlQ$%s zF5p^o#5n!Z+1grUcH7s&4}wdiM;lMY5l>*`e&OlKs&q#hT`yt<1+1@#i3gox{Y`p5Ft^DkU$ zHa%y>D^G>Hc7ap=n3WBg291B(wrwUGRYSToNrJ`~7sW4!DzySX;BE1egLms7VF;ey=p4 zs5huTy_dY-Vo}vg>2`Qn2%#k5w6$w2gLSet8&4ENx|q?vGH|H#{QUpvShxS#q!P&t ztUexU>HGuY;5|l>l8@bJJzfa@txJiR)#)qvf`~S*mGss78k^g?W`aRt|dQq&ENet(uG_Zfi((pxYF*p;w8*(SpV7A*Y|IoO~li?d2r8{ zrTw5y$Ak6oLcm_wCx@8wqVR1P{(=X+eCc^jsnI2X!F{8y5Osz+NT7Z@5?xsWG+!XJ ztGWIe&I8oa31Gd-Zmy<&`H>We3nSt_pLRTeVbN38vJGJ%j+;#FmY4E1sZVm{4f5O@ zj^!cZ6i8vT926b|FLQ8=+esvIwqm)InT&(qf7@E}TkzS1ySQa$D1?y5G*`9BgNOJ_ z`{h5)CJJX3I77yX*8K4_L+HE4M7nV1@~wWqgSm(7;(JQPAD<4G zpDa}Qau}zV*!AhaaHsqP1P(<18zUfCqxHu^67s6@ET03V**aTUhMl71;D~2+)9fR_U9KKl@|MU z>M5c^vG?HbLRP!Q$RXknMfT5xB=npV%~&OB3F`?D#a?SeU09e|RlXK}{QkGmDd%P8 z$rneJ7kOagI5`_epv9?2ns~L8C&<^Am$R%o2-(8ExS!J1V3Ju}7Lk!T5l{=$YDtzdm9C#0A zp#m2Ly_PB|ddQDQ^ryM)cl(*G_mR9zv3-VakU@0#0yW$iDx@Z6u_Gz|wjdu)@$ktG zD$fn?R|(2XE~I08q!2LdN*L(cu|Nc+)$0MB<6R&aq^y+z2*Uy=2QZbhbnDW9J{}=1 zE)CaO9&>PTa1VaaR)V18yAR{JK@^W~o(4j0nQTw~e)fTTpAPGqpGd7TIhj#UO(kry zCtps%mxX|hC==%&z;{@b!5wkFV+6K#88B)%A3Sc+3=@E9q6H5el`s$Tyb1y)z*i{( z!@q~PiI)pIv`dYeYV{cbT_7Kb3=5o(g%ihH{vo<Ilv@DF^vCSc#IHJP|UJ7 zXe81N)jLz>rwra|vlf+Pc-=q3t6Yj_OArz91}>#nf7(tEvQeUu2jL)aT<`{oJ3gF^`J4#C~sEkFd9;O-h6f+Tnd?oJZiCAho0)403C9=^XncBgi> zc4lg7YpJ4Ax6|FX``&Y2`8>}{*n4Fe)Yk;Bp`f5p~I!RWBaN8soE>nd|Nx7t@y3P0l1UcX^_^S!F>ts9-*;u3Y8L|M>k{GxC3 z&!r2RAW=Ix!kZSJ5pPE~H&^g;d^?;pmxh$U?_w!4mM!%SLmbgV{Zok!{o3Ai@qQwk zQE>J5m&b%W&bNM@OuLCAl0)popvi+U*0J7z{~%}nA3N}`^VkT!WMZwgTdHWjm3Vmr ztk$2jD#qve5sr`(atB_bhT)l+&sRrtObfMkKg~wcclkyC^EA;oI#tNe5#a=J2Kijsn7?uV`7C1gZf*%t!pw{X%IR?;@$cS_?9b#G_l^5^ z!n_wnBoAtmoGetOmK&#XygI;_i($``{7y7Ce}?;?7yFA=;@k-~{cFlI%%O2SZHMFY zgxHH_grdR)VTj8@VMIONU-cKK@NDL=n^5}%z^dh2^YOXtaQbmXU=lx+eIg&^r5HPrxAmB1!+DF4Q$w0GmmRvoE2=udcpc(~6D^ zoFo8)S%-ID+aRE%zz5 z2zG=J2@z#?T?!f80JRFoDS4~Iea$k1=EWA@5iP8~1eT1>?>GZmuNwtD&LnHB=O~(+ zo2LoDf)aBWh@q4zwVe8``J>J0bX{uhpH(fV&GZKvrBo^$ky}X$$xs6uoYSkT_#_U~ z-oYdePTgtix!fMN6$_`SBJ~2}=O^zo!@gK{lQSy0Xx6OGaD4S^?PlvF#Z*?Y>0(_* zbW))>@UneR6%`eH5!=+dMwys$qwe0{zy44K&(V6EK^lbUFzQeVxqE|7HxwZ!1#0@Vbl}Z z&(aaxAJY-C+4=-?2HC~#i=(ehr|jqK$(6c&|7o)A@&5WFolxo5{=~5yrFlgx0at4w zc(6=M!-)m1hA5)F@57o0q${c&XyT4r|AqgTs~BjBovK1>bW%?^}17jTAiyjtN7COn$LdKk7QwKNp}WYy!WfhQiBU|X^zDG zRpg(~rF++4y$Qgh;H|RiH8YQ-a}BUrj7x^FJv1CB4iQWdg8)$;PZVj_d;~c;Ibq!& z=5MxMnm^rHld$^HVHngkRxa^1Bq}QENWFf18@dO!BN)|%NW^DQ>kb)vlb3+YdiCV& ztYZ2>sskRCsMdCA{FrW~P?eI{_o4hlf_C*oyCJMZOW;rnH=lGkUdc*CFR$mt&G0Ft z4_jBS!oA$+V3rMf+gx%&^`F+qkT6Li5RF_XOFm8*QeZAgBa%O(gT2#pI*$lBS?h4T zJ)?e%GR-zq$>(9-rHU|A+?z=|TXhYD5Cmrn;>r}&ecYhj_ zSyq|H(y59+qAe;teJ<6hj(_EJaKje1`c~{*R1Z9NJkr(9j%6vGMu~t)ggod$*4Z{anfeyQsW@_PUuPRdLAr&Zi5w9B_pTq&u9IiHDv;%t${ebP|e=YnF8@-!m z44yxI{rHH<8KtF(y^;eF=y$x1TZ1NfQ2tUQ^&KloCu{8psV$EdvxPC8;k(bGP|3$2 zb38|2Fo}?~33;5wRo!IgT_LZkSDG>veJF~3sPBGeo6)Iv95CF7NeS(q-@gR$L3=n= z7+V&DMA*w*@U9VyUX99XC?$r^>1{+nz;}i2@FXg5bJUu>zWG&rE>ip0b#ffbW+W|_ zE+{1`eB*UBx9v|sC60LOODPF`dcsSdRB7z9Ta-=2=hQz}xea-^JwMwu%jm1I(KeZ{ zDyr~#=r!#Dqtni$&oGUZ@$GiX%jQAO3i1MG$PSLUUsvN!7^UX$7_3qwr zG?&#Uu;2?(@C7xdi?#oxt*PfLPScbIz#;dk1j6s0f<46;2#f$qClKa|@*m znnL+{m+{o^U+hNR&O$wT3JJa74*#7D!Z>@D3ynI>Zh=x^p_Ywq)!IN0cY3%vrM6w< zjeV!d4l+lyPJ^>%Myx!Bh`(`PtQ2J!2%o)O3b;~=_5m(r-gnMeAgvtMh7!`2qzb!e zktFWqh=2QjCKiVENnf5fY@MX*;OEEda{rzTI@MKN%ot&_5}oz8!cD1sPSRf9kGZ1$ z0b0%0bCvt*s%FX=+?c~Kl(1cwss;yvIk^f6%CA=%IUovuZ=6~{H z9qdbz4ORI6*+J9wtM%<|TC?HQ7+e-T4Xb6+5}kSq9^1vTc=3b+m5lEpJxCr;5B1ZV za_Hz*$Y6c{;=zipciNH-xjM|#U8rIAyfC*qY=lNx&h&?YtaXG;Cnwaq?8k=_@QtVH z6YgGol)3eu=dAaAZm#A!sIZ)p*Q~WotG;lp^LcD=-d)rLF^yrh@=KTFOS&6td8E

z%Zlk5ALwJw3IG+Tl6OhU2<^;A$#R z3@Li-PZk+5{Uat3@yVU3xlGW9_d44eVhqEkjn@y3ik1w+(xyiue?A81KjAi16mUK; z50@3D*C@**U|QYZw-Ow???#^La>H^T&ykLZW7chy`$?ljt&%RNR%dT$v67V&cT<)d zPQ=zOkI#M5;6xieLkcRO$0nP_r5xEvB0d;laIUe-EQfdEy^RWW4KDlqrh|!wOz`kZ z0!t09zerYmSuDnL%cs8|%vURPM-Vc8Ry2+klzL77xg_-i2nf@q`n0|!x9VO;x3Zmx znA9@EL~5ma-eLG0`GaW!GPcW2^tNkDkex9~f~7a_G-Pv<=~S~d_@2Ak;gF3%hLi4W z8gzBD7@u5e%@Fq1iV%jiSy>i($$j)-(R13&E1rub(W)fVZ4amYM8u?&zdD#R*^VS; z_v(}l!(oj7)hKelJu*|__3W+U;N(;}eHY06{B|fs?s(ao3WREQ^HEWJc8D1g>9W34 zfpQX9TkgMabpCmM%vVmMm>KltOfnfxm71@zvC6KNWp{)i_9b)u`Kwj0hI*nB7}A@_ zma{ooq|RW#_N6mAlDH-IO+Lx>@rv1a@wg)ipQA>)pa+9VfBdicYAY*_#TuK13!;tA z2*wrfnT~gMICSoh@Tewz>s?wrwwM&XptM%v)03^SubBF zX6W)a1*!K#dHN3y@Lhjlc7#|}Va923S@o8-M8qR*;eoKjGvl0|KJg71*Lb`$Y~5my z(h<_D*5GUb;=7}$E~fah$S6BGM)YUHY?Pj}%>iN;%NfUax(%I%;lE3KPuIV7;3$Rm)Q*4-Iu_goQq86`YoWGA)L2R zt{-*W?DSW=_ERlF7asc%jD_35?2)<2na>#{tOHN4hZcvCm;0~2U5$`49<&2zq5g`) z&52>pMo$zm@qDe@yF`(d(~~uc5Vq0CUyPs4J#&%eOG$m~-)XR}Xn7_w8bB?su5>L;BE+CNCQ?`9d&z{LZSZW~L3p|Jf3$Ci z^tF4e#D=g~N=&A%Bj42VHvz@S!0pMKX7U0@Ah{KD>nP(|IU_QHi_*`7EM{L)EgBn za_Zf?6g0=bf9XQBP+)@nSZTj!t!5@(Zj) z)VHl3a6R^Fa^-%?gRoO&$H@Esc*S>xay8KEhGA4CXg`I~&9?abCcgyJ<7lCFL|zQh zL*FBZI~WC@Lq3XRMIo)>GWT;SX%#&Kol3g!ug)+mO@*gcKbgok^sR^;_I%iUj&D4! z9_p(va9y__FLql7ZqK)?lX^7Ft^TyMxx()rue1~p--ThdEcPLH5E8N0EbA>#s~NoC z0;O=GQCIaeY!v1fw&hwp7M&WqmHh5E?OTfZib=(GPw=(pJS(ALc#!XXqyhVjl^6?% z5gg`NjlRc2>4?bllGl(^Bc_oJ+Nh7KR+EJ!Cv#06KLx$7Cgt(*I15nmSXozpGHG*L z4Gd&PMiL28T<%Yy_7V(hIw@3RWBv9lU1$RQrF!okty^4I z*f(+LBJb!06gy8&+F-1P^ojT!C2g0QZNe=aBbWn(r;$fUGE0ruvcH`ftu&9<*a%>M z{OBVGn<|j;{BW*fBk)ingKjaJnU$-QFg%YXh(YJ2)8;D@a^>N5)>pu8J<9@}u_7H6 zBmV96JuS+s{vS_-_t5xI6Y7BNaT$!shwK)G|-+E%wmn`M; zc=7o40;cD^RAyR0_I2*yX^% zmJA6+43rK7_c00s4)z!}oRmke!F88{Sim)Ut;07aUnyBWe=w=~A7OBz)eLimf?htNwN6W2n{Ig$uf80v-82G_9t*CjD8q4kq&+^JV zHbdE2QArt1O)1lZL-C#|S%O66DQxa5>-R-@ds^}7Pa(X*d|3YxAIqt!hRT zhB+{eWY)ugZ>QOn*eK$2Dy8eDZ zJ4WU+Oh%@3*Rm-gGTz(V@(BS#CBm+%c zF~Y$D9@zfHph^EwKCvni>5p!|yrO59fUr`&g#WklT#Ww#LDp>B!lQG18EA`yDTN#&V_?GVnLfHsXM&>3NNF1llnifODEtJc+UUi!8$22Vz9Y> zqpMBp`(?XVH16%zLFE2@zlYO>2w5NM{;cx0DYYqpMl%C5+t1)rn_cs*wBzbjvOAS8pch2g42G zvshhQln(GGl8hz>l<-;G*Kql=PS>m5t3wDig0++|>LSJ(YJK&R5ij%pFul^=M zXZx&oB3T&Qq_7z^l%(*xe4i}RRY>Nxct>K|h`vXz>i$xh^={kj+=rENc%Tr!0#X{olG*3ME`z&{A0=l zZ+f&?Z%HK`NmRsv1~Q1+)=&y9pk|+7g6OT;a>!_M`vIGKr(L6H2G^Mxc7q1vzXLmP zJ9Co)QXAkrHq~)ZuuAV?k;v+pt=>4*mpVW72@B;=r+2_ z4JNX=&`1sjAfC2AY19d{>>G7T#lE%nLAeF$@0<#kKhITFyl=0R z;^<ASoi#9hb6&q zj7N5_AkA9MeZou6ol!B5i<6i)^lFm(mXp1h?BjU*Jy9f9%SD6r0)cA>e?Am3O#S|x z@FRbaG=biVqJdBvQ&Ce%H;==l?OimV)7In#2HoKM*(MLFv#dgb$E>#q_`1 z-^0vVhfd3~B)D`VQ~8Xq)0bi?WrqE3r9TzxWL47Dn4f-AOyU3NxZOv&AF<)EHE400 zDT!39q8KGOfruNw(e*P&Q;{uO7IU7Hrp(4zu*;a7gPdHSt%%KB5ACN7V#hh2wTF9G#=hC;< zQ6vU;OEle3M!$9Zo-srt$igwZ--U^Vy`hhdC+?nEJ5k^8dYDzE*Dgu59Z6zLC~B!p zR*4|sav}CB6c=4u%8>`P76c-P4hoe6o&fl)Z!q>Jt%SN-D{elcBN<6`@QE3^zT-^T1V#I1V8G=9$YSYCOE^;g@y{pA2R$i3K_htPbRzHt zwI62pr;8agyw1Xg`y!5S$~(;G41}7#gvtY&%{i}8Wga6qz?5>rFf)0>Cx>xBX9Do5$^UcTPs~0FU2=WR`9*pNH035);b%jwo zN@Y5zaW*DHn!=vXw!MxcE2`H;flW-!+1;#Bz7B{&l65D`=c7eSh@rt@65P^a`;X%v z2`SBF{61T=5+P6Tkl!-1?gnIpVPrR2oYNFpQhda_op;&W^E#FK{^pm*Ij%V@`$K|Z za*h7;6T8{44!sdkB#0++%#?c7`;%ifV*Ys9N&BE!Z!hS1A^XqN zJ+ejyX#{6B+W=-GfQHRE{`u+t7<^@1oZo2OU#q)bdyuO@P-9x%LO;kFkj5?9Zr3^p zH!uA)_LWgb%`Q0Y&XN9b#x2Tc)b+h+QxtY<``R-L@pX{FY*|(;g9}5^r((}CJ^o>r zRllbf!Y6lohI2tctr({PI+l_JyX881i}C!aWpxLNd7z{ETC{BTa& zMM;qwJQ{^`9ov-#rW9_Q*m2Td@d;Le7-x1M6=fD7#Yjx#E9C)ZqE@2ASEN~)?{&MG zaJFFAqFMBS&uZZ3Ws0Kli{WFHCPYcJ5{m+tQ!Wb~Zb%PWkv%scER@+0EgenoyIytvQ&NstZOku2;DkI(jid${OxaTD`v zZ^-|>ev`deJc~Z_@?RW;nPYVk% z)534#%Z2M4XK!J=WcU}L$bH>gWD!zPfBs|1ev@0-vaoHE(B+ZQ5|~CCP7?WTbK7*z zxNt$$6fw@`&FPXbx>@Q7`ewyG$|aB8vd$rL>x4tAa6W3}kB4&7yjwe@- z7`MLIysDy6c#q5(K`-~`J4xLvpEA<3cDFd3=fj8h%6~hWHKdoJc29{d%27>V#rBDI zqY;F;UF#1wD177KEK;wjgMx(Zp(Ng5U~!AlI^Ln+|IMpKzN0+3NVYjaBB$adBO~WF zj46{d4?_@Lf$IVbhUR~bg0|D)A!5SFe}Nb(=1T_jEDSIj;NgZNZLO_kWmo|{C7L!U zdNlAA*6WM?8I|9kihq-$`0R+pPp-iH^dc7a(m*KcOl5$W_JzQPZlVPm)Wp zo-s)ibwkwfNQk8|a&E-E0L=O=QDRi+;Xap$y9sa(e}-KAJ56V@b{GUSSQNcbxva87 zU6b=ICH|z(qixif{)UNnfShPsJcI6 zoVfY&TJOR|6p;)uO~7rMj*2c+o)ww$Y_`#@R5|3wMWWvy^Rettzugk-*E*7VnX-W7 z^KO*ZHI?Vb@86ky_G4dm&yDocwqYgiu*JpEU(3?@o8sc#0Wi9!=!1c-ShNVoA;*vC;%D5q&J$}5r|$m zMQ%73+d8d-KN#Z&;`)BR@&*x}8Zg1nV<z!;=RVWSXN)up8(&Rg#JwCE98)4|lHG)DyF7g`h zjQ9II51=3_Z>Z2{l@a`|gkdRAWnvZuEQgp#}O7`tMbr^GRM z+0mdGw$uez3t?FHCNj`t_jK~@vTy6VfE|0^&k;1)@PfuC45LKf>d($0eOARl1xt7@ zy6iwk?-hPcjF8r4Ug1faY;{6{oct($_g)YY zN&A0orvlyMzZEj@-MbZxYR%=lqoeKN#;`~P4C z2z!qm4KU_DXP#Kwo4>O_dW0;|Ou|B1{b4GA1TCt9DFjk(cN8g$N`^4NNa$A{R|iS? zJ+!>!ceH}OPdeM!&$O9}bd=ySv|w4jQmeN7$me>H_!pGZ5r=^Y=&;8r0FA!~ZIn%( zCw?eGX8~xJ#*5TxZ}AQ>z-HxIY57rGTWh`Cq}h_e?;?M9xqlt?Efn;9 zAH|hK7nhdu95%Xv5^6G6W${xnjsGJkC};sJj<;WH*DTV5m-dA8#;E=I#Dvf9T!=!* zt;lZDPxWG^5O6!{JzS{eVu03Yb~{clX#{FX3CxYp{xs9+>8YxicxBSLqdgfz`FRg= z98}N6+1a?a!ywr31AvZHhXV{5Z90@J2UI*xthQ!Xe!pir!tpODrKP1MAS7PH)dB!@ z0Rm!jH69+`ly5*vO3I7u3hGS?06Aj6<1p?uM9lA>Ogk@C#BTYhH7>0(kz5LQ@z%MU-)uG-B01GNHrIpM zQSaBtdN;Au3b`)((+osA*dA%LXdU4@)aG%qf*y`VpG(s}6uuV&n?Gk+c--rx4FNDy z!bhLAb~vs(*3}iC`(jS82Z1T5=zgY9RRRE};!PwpylbGx$S1LzeDJzDTKXeC1!Pnk zWyX)c;{bKm#iEkUTsI|jA;MmtthV~RJ6BmC&4R(^$6jkSquh1W8$;O;36=&fSQ?|& zpnT%(15E7=-Fwjp5sFtAK{86~i#d1ANMk0AME2Y~9%&$yn)UV-3Z6i5I~nw>h^+k`V+S&&A#Zp-1i#Nv-)q z{guIw_67JFhX3)<8`B#DP!;JyB*bL@g7R%s^&8X5$)6O1Tl5oJ2{`5 zHH5?5?jGC7fb!te8dT@^_Ti43{TAv|arElOp!44rsMhPS0tDusP>y;l~`nLr>7$ptdF+ud5{?5xA)1mNUm8RQc1-rtcuy1(Nnv;Yl6Gb2cxL-k;` ze5y641x`=o>Kl0!Ax{Yj!sA=>Gx4}sz{KjmUYGb(m=0MIt3tq@biCaAI7B*zeI~Qb z8-zS$yVEP9NoE?#NhTR;9gXIp+vKi#-p04Efbl455Y2PuD5Y^g_X9(`9SbjlXA(B3 zi5SqE=(1j`5GPu|boAi^o)8kcFyugmOgCgoZK_z;jWmQ=dJ9DAE70#E;znc)twfIjb#+)5~9#p5A{qpYg&k z!edaDaqNrPi2eQ;Od^Q1Jo_*}hfl8xZocvmK~xoGebaNXQqcF}%xLQf;s4wXB()E+ zsV`~lV5Ro6*U?>}zc=B~~m8ZQ?d*-uk|J`bvH}NOq`zxF2>D77*ls;00gkavX z91ewqcVp+>4hDY9&Mm8WLU*+@&6`o4EiU`{fc=9-5DUo23r-3)O5$_~n4Su_J?A=} zi3k_GDG-~kUFEYksI*>iozn7z%TFgsG-}>@pY`f!=5l`;uHh5!^+r#mrouB*;;Yr0 z)98T;vuj(;TG!%gh+Qa~iKwgrL9i4u?%u4elj#Web@KBA_j4SOItM^A_cyPl2NYh; zla^;bnCo6-e?FDOz0<6aAN$fZIcu<308Ayl>s>#b{|V*Z0zTs$-v;>kzIoM2qJ5=- zAYHi3B_!+_V>^AO6amFFv=EMRr5(?xOac+T`}Y}eRsbx`E#fB?%cd^9!KOboX1&JM z@wGGYvqpCl`7FYU_tDbCai!T%EU&{xp9wY_F~9qJKr()-un}{v*ey3@4dDGizSp~M zDhWuSRUuJ=DHn9!iI&#J>1cnWnM!|-yGOLG&)D!v2zs&QQ z*`{&#&iXe8u$HVtpxZQbLHwSeW6I}48^+lLVv|E=c@NNn{$__@`q$blm}d8$^YgPy zOAaS9{o(WZqTc)nav4sT-7v!L6~4^s*`|UPDS-K`yA`|K+g``XPP3MhgA?b!B_mU% z+4IB51qRvoC{5cF9XIwQ!iWWugBpER1ex{Ugkk8dcgvZdUH<}1KAB&@Dl$#W>v$S2yfCAAo%aUbqVym;%ND%QEs$f zI0ni)uFXc7T~f=I z{CRSfnM(v7?;l9N$tmaA&gLu1=g0R(r2oQvfo1L=(*s#{GN~Mux^x`2NLfY*%2*Yx zkn-;=Vov+aMVQZbt@>OO?mlMZ~6#00H){=SLBI##jaa15y*nJOvWQo1|BO)_9Q9|OdJhx+#IyZ*U zJUq`?J25mmbthUX3||Hk5ZotP9{J_d3H;l=Xh#fqhxpnWYk;4xI*drg{C0aVskkTn z4ShBnl&bT4Sv(#**oRE=P!JWy&(;OY(DztCFY5^J6L-_>ygR)TN11QEST{3y?=)B8 zQjIxOfYpH)=JF%Hw*h}*(tVIa?__sk&A9ULp$$g$N9b}??z$+QLf8a8) z--pbcb?ezb(bcd4^E1CU_$O-&AiI=$h5mr$+*=1vIohw3emguNTqVTeV>Vh?QTj_U|`*rymrSg~_k|6I1%GEU%L2 zI^gx@hsYigmcq>yllYY=BM1p^1CFG?ZsOs zPa{%(FIi?nm7Q|7ofkjIc%D4mSpe%ZLikR$6!H`u2zNTdj|Ut=%KdTlN?Ok`-ls6H zLX>>EzT^JXp*dp!7B_4C^$QyX|A&_AvdkIoQgk~bJ}smBXjQ=9t%lr zVd~?ci61w4Ex*)&LmhzGxPLEbJe{p?JUWy>LKd!Z#s>t^g9fk0lW zYNG4(Y*?>xx=zDhXOf*yrPg$VpjIXdO-xU4tqnF1*O#7ZA&+s1Qkar9?~SP(zTY4E z)RGaTEvENl_^b71inW4w2^=!fSaHNb3d-}keXT`87zfwWB@{cDst*eFJjYE220B-7 zGRp`%3co6giCsrz_3aF=yQ1Zvb)>Z^bluF@L@b0=WClm+Z}OX0N7v39i*Of>>Ow}@ z{k~R&)}zUwk&gAgnn7_%WK*ZX2?utGei>44DmSIa6%JBJNRQCkmFP(`@Mvy{Eu)LS z#n^b9KM!n7A}xq0V6(&@j36Rnjl9WftrRok5S7Gu!${BS`G9yBX(LIF z=FuRH1jniQUUAx;u4V;orbUzp(n_a6&N^W2Vw`9Jrfs;K-MQ*n1USC1Kz zt9$^)ZRy;-Kjt(5yVT%CVQ%}A;&=A#M}8KCg_7{vStXA^!Pwf6!FmIksgqMbH+mF$ zUlmCD4BEX9RHF}2MzwCoBz=bA{;0{az&~Q~lVpq2!qCUP#!aVQ9>-?cuddZVT;u*> z_Oov)cVgn7LbfW6m3*58QB@4TatRKJ;`!>wi7E@L5?z!z8w!@xO787M_Epc-I%qwk zGY!Xw6RCQajq-Q;%~JmcLg_c;r6~IW*X4k(ikYNSm6k@mkyA4np^ULP4I}yZg(j5o zE4TIgoQ+W2A-vI>@d@|BL>cM`Hck-&biAI0daImgVLPa7E*&dQtF`$Lg&L|19}4Mw zlg*(%@0Iht4gbSYH+@n!mYy-s3uo`{vop0o)RIBqg3+mYV|s-7kS-6--y>nquU`Mc6_lGxHhKPU3NxQDPvasa)OLj-2$sf@y$kCicU)6 zaWQ3;H(GCyub7K@+?>1+$&#Zn>oYy3XqxEN7itcTf#$dOp1j}R;HO&(#=Yq1!J1(c zhC3CgrBxmL5?%wpJ-jtS-Pqb%JJ~wTa4gp!#WZ#)xLnQiEl)~{4?XCwR}qBFu87js zYviXGXuRLf0Z)&o#|?Sgp8!=}r>pQquHag=&HlTbP+XSgt-uYSV9JvSdlr%;9V6=t z(ZHHaY$$1}2=Zx2oQB*zu0S?Z%EW2d*c+lKoH3-S1oqU4u-!;PvJ zSV53l%TTxR!kpJ&=pu33tX0+oOB8{(x=#091^0FYd zo|z0dlepC)+ICA^i;zmvnkz3fSyXyXumY_)grhw{3rIGsNkd$^74BgNte8*~P2Eb# zy%+csQ})?Dsw;`}xGqTL{-NJf8X?~gnFD(w;=FFp6l$#b@+8|9E0z&E0;GOi==JJ0 zmGR}*zTt@ZV(p|NI$3EvU^HBt3ydFgsUx0!KabUmK2fxUC-SPMxUv&UOxrtjYa(;i zf_M5mP80AAvzzF_Ly5RUv;2PaM7w<=61ZLy)=9m{CX|Bg_aO8((4zIwPaXBGE)vFm zo_^}iE4(I&lZU-)9rONCKDdi8y%UB+u=?j>RlyBXK|h>2a;9odQ~lEngf^BF(Nr>=G*N^oHii?87idqZ9btpYrWBK*cbjm zH#GcB%I>&~pZ{|5h!I>0e@P;JE4Z9_*bjL$={#8*uhA9Y;taxgr6-UThuVZ7*cC)W zaVZWaWFGX-yCssy-bjTI1L`jxin>7ce*=U6yKK=-IM5zv>tQ-AZo29B@ag<$>mq0EWhLQ^i+aw~srMy!I@L8;VB~AXBL^QTO)PHAL(?p&+&8%CYgNaV=r;C)#@S`%WnxYE<>MnHz)=Ng!-nm=Rc%jdp~K8JUkU9|La&E-%c1ED zSm(V?2WHm33X_4V+x~$81z?n;lL$fkxUo{_U<9y!q`Nyv6AusPBkZPwcrWzEd2jNi z@dfl-83&9k)w`d5@xve=$`lLC1qI-ErJ2f$jPAk-u6~yPz^hm$Rc@T`kDspYj6N(bE>h_>I5UuC0_pKC11z1Ekbzef`{T?>9tQb}vs_|mx&l62Lftg*tBXKjm~m zdeCxBRk_j%i#kgHY^Ky@x@zdXEwLJM<_8|CIf!-9-;dDUMpLoRhMWzOT``J|+jDqjI5C);(@2|H< zCf*(=km8^7&tq$WXm=#NBAdX73t%1A;Q*N5!@9EH1r z@~IOhGm7ft?+^c(r7H^^c(sm_-WibD#57)@!U9YV74cx_2T3ibPXVTO=KJ4cYX6&* zhX2=q(iG$8?%~k~++rqx|5gC|NWH^GFfS3B)qdl*jEsy_fv*4r*MBKSYFupg)>cmA zr+*pTOCAM26`7da%iV0(1==V9{m$R&bEeTk&Tr zft_g#?BrmYRg+ThoO3=5lOsP@Ic>gwj+FBdWk*Ex#ZbOj?=3Uv(F<&@CMT;I;U`PK z+GzSu>c4&lOgP`;>2^DV-F#J4=!%%q8qB4=NDLbFx0NmfZ!d3nZ04!HDmJ`KEM-fE zK^AOvshzgoy$n4%DT^c)9)!LKLob-=@&57`oV0NUn2^-0G~wuW%6q5TBpJ_i-ytcW z5^?G_rGblY| z&zI5ESYZixp^P9TEcw`6Ig|CyFc4@>`+hMdJe>BZy^MnnCJO65v2LowzpJNGPSpSd zCCrVkhjCNVc&0EMV%Az7D16XDUS_O7z+(JKqx^n*71v40;UACfEEyP* zO#t$a<@t2dgjp__G^w!Mly^#lPqC_yW;gCFynMZ#9aZ!bd|5;-89?c%^u5N$`H=w* z2XlkvW}VV`)jZJ0x^%9@cU5%!KO`t7X08<|j&T9@&Ma+JxFLTX_YL zy1?kjT*EUE2dgX&gSSzQoCgRTZgr(zcbkv4LaPT#{Nq8_?da%?goq$txrL-Ht+bR$4N^h>{FYcv$2j49Kv8 z*knL~hyC$RCiZCtb4VsnJ|Uhe>}R355a$fhWwrYlMW1yLg;(9lc;)sr*6;%k80!gs z5|q4_@!5_r&jszm04a-}VA1E6<~K}QAEfZmB*3++Dzf^HIl=F;Cp-O4Gf#how0hW+ z(2UaS=0q!lq`QwSD9Bs74q)ae7)&uM3f~`aSWFg{r?PdA+e$pI24Yz% z{!ZSZ1G6#}OL)#^UwXnQ3sllR<)Bc86vDJ>c#l=&O%{J1fsm?G!r*<9lvhgT2J<}o zvOY$u0gh|yQaJShLlm{Pg$Bb83zT4rAkO4Rq=dH$qR~mDH+gVjL4oEwVL%!q;hk>w zW|Q}RO^FQbWW`5DCiG^&&pRdEZmB&lc0e$up?{z0m+zFHj+yseI+N4wj))|j;q?D#tWO6ez&Ixvu${&B#fbo08<^dM!}i|dQkK<``w5iG z@~<<@IJqyX7zbTReL{T#(1vJNt`CZor6=--UP-BfEFu^BDs~ocvbbBlCS%b5a}uke z_~n=Fp%g|w$F0drv3ig5e1fn8KF8iwa*;pe{Prh))l;OLfo*jQkK`}J+@*$Wj<{zw z(%B&bv%C9MoN$cUws^^x--Yq<`rUm`& zZ{FnLj|eEysvydxH9zsc_nGB3SQW*o9bWM&rhv!vcv`Qw^}VCANBBo;)E5B=N)VIKhMx9Nq_DV7VfxijJnL z6{(p3SD7IY{?Q_&Puw@bK=Wn?x`HJq7EyZo%;vy!ajyPK^I702gP}E$adY68CMMK_ zQHdEqvi{rwO$k(&5q6(NclyV%p6=PZujzz5w$U%7+Xq<^-u$gYw;{@7y^~qB2vh*h zi_K$-bLDy`>+lK`wAD2aQa~J^Go^y2c9(Yl{`u*zhkBVuieh69>QK_UD)J_vBamY(J~d;T zPxm$2JUGS|Fva?{deRX@^xt0NPKTP`U950 zDmz25kP=U_Dk3Po@sC`qFzNrj{rG$9k4E_yD|L7jqNk2~X%h1zSrZhlWZJUu=D?F~ zZNTVaxpm`M^!5JTT<-kk35a3;$N+|r>rYQotX9HM&%R*>jWNG3^D`cd(>#Op*-*sX z%#)`8@W!MKp^Nz_NcJj;-R#o{k+_Nm&H3xfuq(^}?DZ9SGZc_Db zP043>B9CX~Ty9vWp2}w4nIRxl_WN5#h9pJ&GU1mYVNOj)Ig|cK_RQUb+jFzn4)>+G z!E&eVz8vBSwumvw?aKHGMEX12Y^fjl-ol|8?54ei=nTN^pvaz5L5VsHed))ZEdt{K z1Oy3z3F0jlhjpsE)_`+$ZFBKPkNx~y*(C9lR{H~M&B|n}wURW5$w2&6;8V-5h>=Ht5CV}zqCr>A|p03lV0y{;L*aw&?TSSm##LfE{@fH+mcM>*c0>& z--#Wb#J>xyNZydp$d-yQEzuWal35n?sJ>;+=WAj3_U`sx?qtt3i z*_{BH8-V$&m}1=ULC+7y8u)yhthX)o;g_Xa?@6wn+?#N3*OmfT&pNpUeSSQeUS9k@E8sg~Yj4ehoAu0T%}I?=@WxHn_H{$J81ZR)-jJR;E#Bi> z7UQ?{Y9D$k?@oJ!fn$YvuE`*F&3G<&F!;^NqO4xXd%vQ6VZw9%k4nxfs;O-Y!$?zlS2&?J6@)`a zn)D(_S5bOVP#}PqNUtJ-M0!z*p!6=%BM=l7IDk^5g9xD`QboW(?#y|H31(ktvEfBzgT^sw6cwZrh>he%81bhFVJQYv~sn@+iDwxQCd06E#992Tn~i}((9cFca9i&cr)Kq}sbjY^g2+2$!1BYF3)2CX42 z3k(Ath!xI|M#JH<%p&yKb>G?d0UT#BO^A1W>W3Ny;fi10`Vmb!5p;o`Ez-w*iaCXb zX<}l6WcW}gGF`Ho=|;a9BWGIXR$vWmfV&fik@+A?tTcvB@GtISySEKuyzmSZhMOaN*OIuNW3VYx6y0OCC2mc{9|6n}tJdF^Y_9+79;<(T%btil^%0BU&`4sx9 zt=U`$lW{@4Zm8U+zmk&e_GXHWhnrP24ty8T{u!Lo&Tt+YK=HJj@o_5BvzS*+HD5dT z5Z}VW7c?cUb1OztD)?~4vKVEivxI%46!tSa-bWS2Ku@J0eJFYL@ z|J3r?820n~PQ3z-QoCxnjh8*JIUOKszMD7T45GzfbE-H`FV6%nnM$E=p@-v3zH=Y$ z@mQ8Sb?6mk^H3BWee7RmuFB(QjYCEi-Y!p{NR6h!W{iKdJzr^PTp`-y!PHQ0RTv zov(4*;PqIW!2^xwJGW26gAlhU$Y@1|hcfooo0mVx36EbZ5fy7*!sqAjIfo{FZ#TdJ z79^+FQV*UN{j8Wsm-UHyWgJ!bnS`5c(lsMcQAY7#WM0wJE60io21_wfw^u|edbg>@ z4ljsjpt}fgM^-hWKt@v2u>bH9<}w^uAICdTJ&^%sS9TnGyY^Psv)MG$I{)m=epl%$ zBd8G_A!c6s{P@5p+)9RdC(h6aeBjX1)##VTm>_!}#k+F##(itEvypG2>6O6<(2J_N zVcMR|4nB-rd@<&V2A~IgX_Pvc#jD;<1kg?aYcx%YxX_ z6rEVMwcn(A1EuLXZ7kH1au_IgJCgZUeGYR}!h{$Qa$gAo3NfxyH`65EkRGRv`5^vf zRA=xC8pEPn{AZHV)YPes*8gAw!ECQ8u-CK6aw0@87?VNB+LZqG`>|OFlW?78R;Uk> zNMxU<(-PVsvYw)Hz4u|r^>ZJ}Kiu(PdjW!;mvq*`V%IC~z>@LY&zj`AAoxX%5BNhs z85Qzh8gPPFDJc`ioyX{dr4-m9#QdFL#>U($8tM)poR9%37wlUMBpup3C8(&qzf|9-(E{op zloywHMK@rhDpBkDB^icn-O&sPR7l3>nJ)MH-yriEp{XU`-T^ciX11mF`O#l1t{E-q zhGlt9ztIJ~!d>{Zxq6Q!ljdF8hyX-|eXAktS41H=O$XCN7eLw-5)gTLF}qR$OSMiq z4v->H*qTB2&BF^Wi~b;>WWFcki#6>P;6n@jaxYmFUE%WRn>=Z3<>ke)8`PIsKVM$0 zyaH;n0IO5A#^m@Q_f9mkps(W+W0X7ASGF=mfp!ZON zn{^2D%6J~Nvgn|#SGptC1B|YmR#`AOS>5jC8WJ&{kdpx!6&J9itY^J!VTHSvbZ4q5 z_KMsZ;FuTGGrPz;dWHBL)YZ3ILZ`X&E9*Rmt$(kpJLUl$**Ec19QdEK2#Q0aEEwPo z&Uec=&!6K`d{Dvid~$p4k$2wgDg--4M`r=RQk;`A3Oz#BVG!z?v>aldg`34D)7b5I zC;1H4mC=O&iqEgI`9KJ_-j zSYs}szq~Q3W18YYh9&r0g_29 zgRMMylDMBF__R_aJLTWA2}Fhsv0n6@j}bOV)PTuUMGpjM8G!Ni0H=&rx|nz}vzTQ5 z%8;~6_1~JiY4eSnDIsNU^Zp%m2Ei9iTXXIXr00_3eMNXUG(e3qN|<749>ZM{};^B#|(_!~E!Sipqi$n*~4F7DCBA6}HJ1 z)I_-($NMg&^$UFizRElb0o&}blc?2Lf`FSS;$)%G9~`wPo~0t{u2E|NhCAWA$psMd z@!Ey0Psk$;$>CCE%ng)7+{G^s7R=%C`D?SS`C*iTHTOEGyVGQg0W>vejF>-fv5d!_ zk+ki<9h15vd_&3iRz|s1RabY)G0VyLm4FUQNcqZm2xmU$j=EmZQ3H+5pq#zEJ(e+N z7b2Zxp~nf!hdAv|7_R!>m=}pmg8VvK@Kj$vl|mjVT2zhuDU5~&m?^F;|1glyg zs?@r&j1-}b=F2MU^*;NH|AKX$+3N5w(_AS{t$*p`M~g*m>c=HH1I1sm)Ax9kR|EaG z$Nny5$;zc>8t{{O?VWq66|MKtNAyrL6Y@2qQLpJ+-@{M11|jdltU7qd*bP}EX5Z5E z85`5Gbxcjk_y@F5H#6mtuMQ+^o6JBiR?vwOwY@m+9nzUwpGWLFTclJSh+ezg$+#|` zYvK^XQL^%sS?k#2{cxqtsI_c2r!# - The file does not belong to trusted third-party publishers or not signed by Microsoft > - Microsoft Defender Antivirus must at least be running on Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). -The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistent data, such as any registry keys. +The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistent data such as registry keys. This action takes effect on devices with Windows 10, version 1703 or later, where the file was observed in the last 30 days. @@ -75,10 +74,9 @@ This action takes effect on devices with Windows 10, version 1703 or later, wher 1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box: - - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline + - **Alerts** - select the corresponding links from the Description or Details in the Artifact timeline - **Search box** - select **File** from the drop–down menu and enter the file name - >[!NOTE] >The stop and quarantine file action is limited to a maximum of 1000 devices. To stop a file on a larger number of devices, see [Add indicator to block or allow file](#add-indicator-to-block-or-allow-a-file). @@ -86,17 +84,17 @@ This action takes effect on devices with Windows 10, version 1703 or later, wher ![Image of stop and quarantine file action](images/atp-stop-quarantine-file.png) -3. Specify a reason, then click **Confirm**. +3. Specify a reason, then select **Confirm**. - ![Image of stop and quarantine file modal window](images/atp-stop-quarantine.png) + ![Image of stop and quarantine file modal window](images/atp-stop-quarantine400.png) The Action center shows the submission information: - ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png) + ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file400.png) - **Submission time** - Shows when the action was submitted. - **Success** - Shows the number of devices where the file has been stopped and quarantined. - **Failed** - Shows the number of devices where the action failed and details about the failure. - - **Pending** - Shows the number of devices where the file is yet to be stopped and quarantined from. This can take time for cases when the device is offline or not connected to the network. + - **Pending** - Shows the number of devices where the file is yet to be stopped and quarantined from. Cases can take extra time when the device is offline or not connected to the network. 4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed. @@ -107,7 +105,7 @@ When the file is being removed from a device, the following notification is show In the device timeline, a new event is added for each device where a file was stopped and quarantined. -For files that widely used throughout an organization, a warning is shown before an action is implemented, to validate that the operation is intended. +A warning is shown before the action is implemented for files widely used throughout an organization. It's to validate that the operation is intended. ## Restore file from quarantine @@ -132,7 +130,7 @@ You can roll back and remove a file from quarantine if you’ve determined that ## Add indicator to block or allow a file -You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization. +Prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization. >[!IMPORTANT] > @@ -156,11 +154,11 @@ To start blocking files, you first need to [turn the **Block or allow** feature When you add an indicator hash for a file, you can choose to raise an alert and block the file whenever a device in your organization attempts to run it. -Files automatically blocked by an indicator won't show up in the files's Action center, but the alerts will still be visible in the Alerts queue. +Files automatically blocked by an indicator won't show up in the file's Action center, but the alerts will still be visible in the Alerts queue. - See [manage indicators](manage-indicators.md) for more details on blocking and raising alerts on files. +For more information on blocking and raising alerts on files, see [manage indicators](manage-indicators.md) . -To stop blocking a file, remove the indicator. You can do so via the **Edit Indicator** action on the file's profile page. This action will be visible in the same position that the **Add Indicator** action was, before you added the indicator. +To stop blocking a file, remove the indicator. You can do so via the **Edit Indicator** action on the file's profile page. This action will be visible in the same position as the **Add Indicator** action, before you added the indicator. You can also edit indicators from the **Settings** page, under **Rules** > **Indicators**. Indicators are listed in this area by their file's hash. @@ -170,70 +168,79 @@ Selecting **Download file** from the response actions allows you to download a l ![Image of download file action](images/atp-download-file-action.png) -When you select this action, a fly-out will appear. From the fly-out, you can record a reason as to why you are downloading the file. You can also set a password to open the file. +When you select this action, a fly-out will appear. From the fly-out, you can record a reason as to why you're downloading the file. You can also set a password to open the file. -![Image of download file fly-out](images/atp-download-file-reason.png) +![Image of download file fly-out](images/atp-download-file-reason400.png) -If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled. +### Download quarantined files + +By default, you will not be able to download files that are in quarantine. + +However, you can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. + +Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. + +### Collect files + +If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. ## Consult a threat expert -You can consult a Microsoft threat expert for more insights regarding a potentially compromised device or already compromised ones. Microsoft Threat Experts can be engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights not just regarding a potentially compromised device, but also to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, or a threat intelligence context that you see on your portal dashboard. +Consult a Microsoft threat expert for more insights on a potentially compromised device, or already compromised devices. Microsoft Threat Experts are engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights on a potentially compromised device and help you understand complex threats and targeted attack notifications. They can also provide information about the alerts or a threat intelligence context that you see on your portal dashboard. See [Consult a Microsoft Threat Expert](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details. ## Check activity details in Action center -The **Action center** provides information on actions that were taken on a device or file. You’ll be able to view the following details: +The **Action center** provides information on actions that were taken on a device or file. You can view the following details: - Investigation package collection - Antivirus scan - App restriction - Device isolation -All other related details are also shown, for example, submission date/time, submitting user, and if the action succeeded or failed. +All other related details are also shown, such as submission date/time, submitting user, and if the action succeeded or failed. ![Image of action center with information](images/action-center-details.png) - ## Deep analysis -Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis. +Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Selecting a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis. The Deep analysis feature executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file's activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IPs. Deep analysis currently supports extensive analysis of portable executable (PE) files (including _.exe_ and _.dll_ files). -Deep analysis of a file takes several minutes. Once the file analysis is complete, the Deep Analysis tab will update to display the date and time of the latest results available, as well as a summary of the report itself. +Deep analysis of a file takes several minutes. Once the file analysis is complete, the Deep Analysis tab will update to display a summary and the date and time of the latest available results. -The Deep analysis summary includes a list of observed *behaviors*, some of which can indicate malicious activity, and *observables*, including contacted IPs and files created on the disk. If nothing was found, these sections will simply display a brief message. +The deep analysis summary includes a list of observed *behaviors*, some of which can indicate malicious activity, and *observables*, including contacted IPs and files created on the disk. If nothing was found, these sections will display a brief message. Results of deep analysis are matched against threat intelligence and any matches will generate appropriate alerts. -Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page. +Use the deep analysis feature to investigate the details of any file. Analysis is helpful during an alert investigation or for any reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page. >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4aAYy?rel=0] -**Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection, or if it was observed on a Windows 10 device that supports submitting to deep analysis. +**Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection, or if it was observed on a supported Windows 10 device. > [!NOTE] > Only files from Windows 10 can be automatically collected. -You can also manually submit a sample through the [Microsoft Security Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 device, and wait for **Submit for deep analysis** button to become available. +You can also submit a sample through the [Microsoft Security Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file wasn't observed on a Windows 10 device, and wait for **Submit for deep analysis** button to become available. > [!NOTE] > Due to backend processing flows in the Microsoft Security Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Microsoft Defender ATP. -When the sample is collected, Microsoft Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications. +When the sample is collected, Microsoft Defender ATP runs the file in a secure environment. It then creates a detailed report of observed behaviors and associated artifacts. Examples include files dropped on devices, communication to IPs, and registry modifications. -**Submit files for deep analysis:** +### Submit files for deep analysis 1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views: - - Alerts - click the file links from the **Description** or **Details** in the Artifact timeline - - **Devices list** - click the file links from the **Description** or **Details** in the **Device in organization** section + - Alerts - select the file links from the **Description** or **Details** in the Artifact timeline + - **Devices list** - select the file links from the **Description** or **Details** in the **Device in organization** section - Search box - select **File** from the drop–down menu and enter the file name -2. In the **Deep analysis** tab of the file view, click **Submit**. +2. In the **Deep analysis** tab of the file view, select **Submit**. ![You can only submit PE files in the file details section](images/submit-file.png) @@ -244,9 +251,9 @@ A progress bar is displayed and provides information on the different stages of > [!NOTE] > Depending on device availability, sample collection time can vary. There is a 3–hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 device reporting at that time. You can re–submit files for deep analysis to get fresh data on the file. -**View deep analysis reports** +### View deep analysis reports -View the deep analysis report that Microsoft Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context. +View the deep analysis report to see more in-depth insights on the file you submitted. This feature is available in the file view context. You can view the comprehensive report that provides details on the following sections: @@ -258,16 +265,16 @@ The details provided can help you investigate if there are indications of a pote 1. Select the file you submitted for deep analysis. 2. Select the **Deep analysis** tab. If there are any previous reports, the report summary will appear in this tab. - ![The deep analysis report shows detailed information across a number of categories](images/analysis-results-nothing.png) + ![The deep analysis report shows detailed information across a number of categories](images/analysis-results-nothing500.png) **Troubleshoot deep analysis** -If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps. +If you come across a problem when trying to submit a file, try each of the following troubleshooting steps. 1. Ensure that the file in question is a PE file. PE files typically have _.exe_ or _.dll_ extensions (executable programs or applications). -1. Ensure the service has access to the file, that it still exists, and has not been corrupted or modified. -1. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error. -1. If the sample collection policy is not configured, then the default behavior is to allow sample collection. If it is configured, then verify the policy setting allows sample collection before submitting the file again. When sample collection is configured, then check the following registry value: +2. Ensure the service has access to the file, that it still exists, and hasn't been corrupted or modified. +3. Wait a short while and try to submit the file again. The queue may be full, or there was a temporary connection or communication error. +4. If the sample collection policy isn't configured, then the default behavior is to allow sample collection. If it's configured, then verify the policy setting allows sample collection before submitting the file again. When sample collection is configured, then check the following registry value: ```Powershell Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection @@ -279,7 +286,7 @@ If you encounter a problem when trying to submit a file, try each of the followi ``` 1. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp.md). -1. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). +2. If these steps don't resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). ## Related topics From 143c826d79fb65a3c3fe19e5aab6792931cda05c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 24 Aug 2020 11:38:44 -0700 Subject: [PATCH 02/69] added space --- .../microsoft-defender-atp/respond-file-alerts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 807fc343f2..7d61280521 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -89,6 +89,7 @@ This action takes effect on devices with Windows 10, version 1703 or later, wher ![Image of stop and quarantine file modal window](images/atp-stop-quarantine400.png) The Action center shows the submission information: + ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file400.png) - **Submission time** - Shows when the action was submitted. From 9c2eae965795aa97d89750164d050187ae30e403 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 9 Sep 2020 15:31:22 -0700 Subject: [PATCH 03/69] response actions --- windows/security/threat-protection/TOC.md | 2 +- .../respond-file-alerts.md | 40 +++++++++---------- 2 files changed, 19 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 0ec64812e8..d589a2de66 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -325,10 +325,10 @@ ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) -###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) #### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 7d61280521..301fb51363 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -129,6 +129,24 @@ You can roll back and remove a file from quarantine if you’ve determined that > > Microsoft Defender ATP will restore all custom blocked files that were quarantined on this device in the last 30 days. +## Download or collect file + +Selecting **Download file** from the response actions allows you to download a local, password-protected .zip archive containing your file. A flyout will appear where you can record a reason for downloading the file, and set a password. + +By default, you will not be able to download files that are in quarantine. + +![Image of download file action](images/atp-download-file-action.png) + +### Download quarantined files + +You can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. + +Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. + +### Collect files + +If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. + ## Add indicator to block or allow a file Prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization. @@ -163,28 +181,6 @@ To stop blocking a file, remove the indicator. You can do so via the **Edit Indi You can also edit indicators from the **Settings** page, under **Rules** > **Indicators**. Indicators are listed in this area by their file's hash. -## Download or collect file - -Selecting **Download file** from the response actions allows you to download a local, password-protected .zip archive containing your file. - -![Image of download file action](images/atp-download-file-action.png) - -When you select this action, a fly-out will appear. From the fly-out, you can record a reason as to why you're downloading the file. You can also set a password to open the file. - -![Image of download file fly-out](images/atp-download-file-reason400.png) - -### Download quarantined files - -By default, you will not be able to download files that are in quarantine. - -However, you can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. - -Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. - -### Collect files - -If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. - ## Consult a threat expert Consult a Microsoft threat expert for more insights on a potentially compromised device, or already compromised devices. Microsoft Threat Experts are engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights on a potentially compromised device and help you understand complex threats and targeted attack notifications. They can also provide information about the alerts or a threat intelligence context that you see on your portal dashboard. From eb5cd097774a044a67bb993376864361ae4b78c5 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 19 Oct 2020 15:40:31 -0700 Subject: [PATCH 04/69] quarantine updates --- .../advanced-features.md | 47 ++++++++++--------- .../respond-file-alerts.md | 10 ++++ 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 16e7db9ecf..26b9e17ce1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -30,7 +30,13 @@ ms.topic: article Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with. -Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations: +## Enable advanced features + +1. In the navigation pane, select **Preferences setup** > **Advanced features**. +2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**. +3. Click **Save preferences**. + +Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations. ## Automated investigation @@ -114,22 +120,6 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct >[!NOTE] >You'll need to have the appropriate license to enable this feature. -## Microsoft Secure Score - -Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data. - -### Enable the Microsoft Defender ATP integration from the Azure ATP portal - -To receive contextual device integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal. - -1. Log in to the [Azure portal](https://portal.atp.azure.com/) with a Global Administrator or Security Administrator role. - -2. Click **Create your instance**. - -3. Toggle the Integration setting to **On** and click **Save**. - -After completing the integration steps on both portals, you'll be able to see relevant alerts in the device details or user details page. - ## Office 365 Threat Intelligence connection This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page. @@ -159,6 +149,22 @@ Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud Turning on this setting allows signals to be forwarded to Azure Information Protection. It gives data owners and administrators visibility into protected data on onboarded devices and device risk ratings. +## Microsoft Secure Score + +Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data. + +### Enable the Microsoft Defender ATP integration from the Azure ATP portal + +To receive contextual device integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal. + +1. Log in to the [Azure portal](https://portal.atp.azure.com/) with a Global Administrator or Security Administrator role. + +2. Click **Create your instance**. + +3. Toggle the Integration setting to **On** and click **Save**. + +After completing the integration steps on both portals, you'll be able to see relevant alerts in the device details or user details page. + ## Microsoft Intune connection Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement. @@ -178,7 +184,6 @@ When you enable Intune integration, Intune will automatically create a classic C >[!NOTE] > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. - ## Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. @@ -191,11 +196,9 @@ Forwards endpoint security alerts and their triage status to Microsoft Complianc After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. -## Enable advanced features +## Download quarantined files -1. In the navigation pane, select **Preferences setup** > **Advanced features**. -2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**. -3. Click **Save preferences**. +You can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. [Learn more about requirements](respond-file-alerts.md#download-quarantined-files) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 5496856283..a5a70ec6b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -142,10 +142,20 @@ By default, you will not be able to download files that are in quarantine. ### Download quarantined files +>[!IMPORTANT] +> +>- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). +> +>- The Engine version must be 1.1.17300.4 or later. +>- Supported on devices with Windows 10, version 1703 or later, Windows server 2016 and 2019. +>- Microsoft Defender for Endpoint is in active mode + You can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. +[Learn more about advanced features](advanced-features.md) + ### Collect files If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. From dd5a5ffaf2748dd59b6a1239aee3cba275fc06de Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 22 Oct 2020 15:25:13 -0700 Subject: [PATCH 05/69] added content --- .../respond-file-alerts.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 18fbac4675..fdacf2e946 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -142,20 +142,22 @@ By default, you will not be able to download files that are in quarantine. ### Download quarantined files ->[!IMPORTANT] -> ->- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). -> ->- The Engine version must be 1.1.17300.4 or later. ->- Supported on devices with Windows 10, version 1703 or later, Windows server 2016 and 2019. ->- Microsoft Defender for Endpoint is in active mode +Turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. -You can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. +Users may be prompted to provide explicit consent before backing up the quarantined file, depending on your [automatic sample submission configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-intune-to-enable-cloud-delivered-protection). -Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. +Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. [Learn more about advanced features](advanced-features.md) +>[!IMPORTANT] +>Requirements: +>- Your organization uses Microsoft Defender Antivirus +>- Cloud–based protection is enabled. See [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) +>- Microsoft Defender for Endpoint is in active mode +>- Engine version is 1.1.17300.4 or later +>- Devices have Windows 10 version 1703 or later, or Windows server 2016 and 2019 + ### Collect files If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. From 7a50041df629f60dc99c10698dbc7504c1559df0 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 20 Nov 2020 11:24:05 -0800 Subject: [PATCH 06/69] new sentence --- .../microsoft-defender-atp/respond-file-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 9da5a9eeb3..ca7bd263f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -142,7 +142,7 @@ By default, you will not be able to download files that are in quarantine. ### Download quarantined files -Turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. +Turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. A quarantined file will only be downloaded once per tenant. Users may be prompted to provide explicit consent before backing up the quarantined file, depending on your [automatic sample submission configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-intune-to-enable-cloud-delivered-protection). From 053d639ef9f6e3015ef29ede607084aed1dcd30b Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 2 Feb 2021 15:10:21 -0800 Subject: [PATCH 07/69] new additions --- .../microsoft-defender-atp/respond-file-alerts.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index cf1f51c73e..b9a6fed9c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -146,13 +146,13 @@ By default, you will not be able to download files that are in quarantine. ### Download quarantined files -Turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. A quarantined file will only be downloaded once per tenant. +When this setting is on, quarantined files will be backed up to a secure and compliant location so they can be downloaded directly from quarantine. The **Download file** button will always be available for you to use from the file's detailed profile page in the Microsoft Defender Security Center. **This feature is turned 'On' by default**. + +Newly quarantined files from any supported endpoint in your organization will be copied to the same secure Azure storage location as your existing sample submission files. A quarantined file will only be collected once per organization. Users may be prompted to provide explicit consent before backing up the quarantined file, depending on your [automatic sample submission configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-intune-to-enable-cloud-delivered-protection). -Go to **Settings** > **Advanced features** > **Download quarantined files** and switch the toggle to **On**. - -[Learn more about advanced features](advanced-features.md) +Go to **Settings** > **Advanced features** > **Download quarantined files** to adjust the setting. [Learn more about advanced features](advanced-features.md) >[!IMPORTANT] >Requirements: From 6232fb645ef526b3720034a35f4fce921c6b7de7 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 5 Feb 2021 17:06:56 -0600 Subject: [PATCH 08/69] Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md Updated the "What are the WEC server's limitations section per Gianni Bragante's recommendation. --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index db7887046c..5c4f3b4849 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -147,7 +147,7 @@ Yes. If you desire a High-Availability environment, simply configure multiple WE ### What are the WEC server’s limitations? -There are three factors that limit the scalability of WEC servers. The general rule for a stable WEC server on commodity hardware is “10k x 10k” – meaning, no more than 10,000 concurrently active WEF Clients per WEC server and no more than 10,000 events/second average event volume. +There are three factors that limit the scalability of WEC servers. The general rule for a stable WEC server on commodity hardware is planning for a total of 3000 events per second for all configured subscriptions on average - **Disk I/O**. The WEC server does not process or validate the received event, but rather buffers the received event and then logs it to a local event log file (EVTX file). The speed of logging to the EVTX file is limited by the disk write speed. Isolating the EVTX file to its own array or using high speed disks can increase the number of events per second that a single WEC server can receive. - **Network Connections**. While a WEF source does not maintain a permanent, persistent connection to the WEC server, it does not immediately disconnect after sending its events. This means that the number of WEF sources that can simultaneously connect to the WEC server is limited to the open TCP ports available on the WEC server. From ac24e7029ccbf130b993c2a5ed55deda053917da Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 8 Feb 2021 15:48:44 +0200 Subject: [PATCH 09/69] Update raw-data-export-event-hub.md --- .../microsoft-defender-atp/raw-data-export-event-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md index 6fe781ca15..4fd57b472e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md @@ -37,7 +37,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww ## Enable raw data streaming: -1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a Global Admin user. +1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a ***Global Administrator*** or ***Security Administrator*** user. 2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. From c3ad8f50f846ba96d781367952a938e3d12283bf Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 8 Feb 2021 15:50:23 +0200 Subject: [PATCH 10/69] Update raw-data-export-storage.md --- .../microsoft-defender-atp/raw-data-export-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md index 84b4d64c9c..58f660a8ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md @@ -37,7 +37,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww ## Enable raw data streaming: -1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with Global Admin user. +1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with ***Global Administrator*** or ***Security Administrator*** user. 2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. From 08c9ed45843f9c6da407ba4f7595242b017e6217 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 8 Feb 2021 14:38:40 -0800 Subject: [PATCH 11/69] turned off --- .../microsoft-defender-atp/respond-file-alerts.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index b9a6fed9c4..3e0560e35d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -146,13 +146,13 @@ By default, you will not be able to download files that are in quarantine. ### Download quarantined files -When this setting is on, quarantined files will be backed up to a secure and compliant location so they can be downloaded directly from quarantine. The **Download file** button will always be available for you to use from the file's detailed profile page in the Microsoft Defender Security Center. **This feature is turned 'On' by default**. +When this setting is on, quarantined files will be backed up to a secure and compliant location so they can be downloaded directly from quarantine. The **Download file** button will always be available for you to use from the file's detailed profile page in the Microsoft Defender Security Center. **This feature is turned 'Off' by default**. Newly quarantined files from any supported endpoint in your organization will be copied to the same secure Azure storage location as your existing sample submission files. A quarantined file will only be collected once per organization. Users may be prompted to provide explicit consent before backing up the quarantined file, depending on your [automatic sample submission configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-intune-to-enable-cloud-delivered-protection). -Go to **Settings** > **Advanced features** > **Download quarantined files** to adjust the setting. [Learn more about advanced features](advanced-features.md) +Go to **Settings** > **Advanced features** > **Download quarantined files** to turn on this feature. [Learn more about advanced features](advanced-features.md) >[!IMPORTANT] >Requirements: From 9c48e5ed8d484b35d2c840edf415d58a1a48907c Mon Sep 17 00:00:00 2001 From: Ben Date: Tue, 9 Feb 2021 12:47:24 +0200 Subject: [PATCH 12/69] Update windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/raw-data-export-event-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md index 4fd57b472e..7f50f7037a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md @@ -39,7 +39,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww 1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a ***Global Administrator*** or ***Security Administrator*** user. -2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. +2. Go to the [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. 3. Click on **Add data export settings**. From 0e35e351ccc2c60de871e923289a2b7bef1f2b3e Mon Sep 17 00:00:00 2001 From: Ben Date: Tue, 9 Feb 2021 12:47:41 +0200 Subject: [PATCH 13/69] Update windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/raw-data-export-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md index 58f660a8ca..0544f0023c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md @@ -37,7 +37,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww ## Enable raw data streaming: -1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with ***Global Administrator*** or ***Security Administrator*** user. +1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) as a ***Global Administrator*** or ***Security Administrator***. 2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. From 0c2a70885f667e25ffb0a0a2c17721857aafd196 Mon Sep 17 00:00:00 2001 From: Ben Date: Tue, 9 Feb 2021 12:47:49 +0200 Subject: [PATCH 14/69] Update windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/raw-data-export-event-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md index 7f50f7037a..5b1ff9f539 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md @@ -37,7 +37,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww ## Enable raw data streaming: -1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a ***Global Administrator*** or ***Security Administrator*** user. +1. Log in to the [Microsoft Defender Security Center](https://securitycenter.windows.com) as a ***Global Administrator*** or ***Security Administrator***. 2. Go to the [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center. From 8b15dfe75e84d6403c8c3e93492251896b3e4e04 Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Tue, 9 Feb 2021 13:55:30 +0100 Subject: [PATCH 15/69] Update microsoft-defender-antivirus-compatibility.md updated table Antivirus and Microsoft Defender for Endpoint, updated the columns regarding Server 2019... Kudos to Thomas Gschwandtner! --- .../microsoft-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 20419165db..6a62415e73 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -43,8 +43,8 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh | Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatically disabled mode | | Windows 10 | Microsoft Defender Antivirus | Yes | Active mode | | Windows 10 | Microsoft Defender Antivirus | No | Active mode | -| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode [[1](#fn1)] | -| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No | Must be set to passive mode (manually) [[1](#fn1)] | +| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Must be set to passive mode (manually) [[1](#fn1)] | +| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually) [[2](#fn2)] | | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | Yes | Active mode | | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No | Active mode | | Windows Server 2016 | Microsoft Defender Antivirus | Yes | Active mode | From dc16910896f33d5035a23e90f135fe9b1961461a Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 9 Feb 2021 10:31:56 -0600 Subject: [PATCH 16/69] Update security-compliance-toolkit-10.md Updated Edge version to 88 --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 509869f9e5..18151f137c 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -46,7 +46,7 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise (Sept 2019) - Microsoft Edge security baseline - - Version 85 + - Version 88 - Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update) From e6a1bb057022b2c841a5021f85aa2dc3a589e858 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 9 Feb 2021 16:21:54 -0800 Subject: [PATCH 17/69] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 6a62415e73..20a13881ec 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: tewchen, pahuijbr, shwjha manager: dansimp -ms.date: 01/27/2021 +ms.date: 02/09/2021 ms.technology: mde --- From e264ede3ac09910ff61c427dc07898f4696960ee Mon Sep 17 00:00:00 2001 From: Vatsan Madhavan Date: Wed, 10 Feb 2021 12:17:50 -0800 Subject: [PATCH 18/69] Add instructions for targeting a specific version of Windows 10 --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index e2a1224d61..c597e263d7 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -26,7 +26,9 @@ ms.technology: mde To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. -- [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) +- [Create WMI Filters for the GPO](#create-wmi-filters-for-the-gpo) + - [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) + - [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) - [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) @@ -80,6 +82,12 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1" ``` + Specific versions of Windows 10 can be targeted by including the *major build version* of interest in the query. The following query returns **true** for all devices running Windows 10 20H2 (which has a *major build version* of `19042`), and returns **false** for any server operating system or any other client operating system. Additional information about Windows 10 build versions can be found at [Windows 10 relase information](https://docs.microsoft.com/en-us/windows/release-health/release-information). + + ```syntax + select * from Win32_OperatingSystem where Version like "10.0.19042" and ProductType="1" + ``` + The following query returns **true** for any device running Windows Server 2016, except domain controllers: ``` syntax From 11262113619db522f9a5499976f02604ce3c0e08 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 10 Feb 2021 12:21:25 -0800 Subject: [PATCH 19/69] Update create-wmi-filters-for-the-gpo.md --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index c597e263d7..d3ffb0ca4d 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -82,7 +82,7 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1" ``` - Specific versions of Windows 10 can be targeted by including the *major build version* of interest in the query. The following query returns **true** for all devices running Windows 10 20H2 (which has a *major build version* of `19042`), and returns **false** for any server operating system or any other client operating system. Additional information about Windows 10 build versions can be found at [Windows 10 relase information](https://docs.microsoft.com/en-us/windows/release-health/release-information). + Specific versions of Windows 10 can be targeted by including the *major build version* in the query. The following query returns **true** for all devices running Windows 10 20H2 (which has a *major build version* of `19042`), and returns **false** for any server operating system or any other client operating system. Additional information about Windows 10 build versions can be found at [Windows 10 relase information](https://docs.microsoft.com/windows/release-health/release-information). ```syntax select * from Win32_OperatingSystem where Version like "10.0.19042" and ProductType="1" From f805918b0eccf554485b4dd496282cb522597ab0 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 10 Feb 2021 12:24:44 -0800 Subject: [PATCH 20/69] Update windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...indows-event-forwarding-to-assist-in-intrusion-detection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 5c4f3b4849..fe98c18c26 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -147,7 +147,7 @@ Yes. If you desire a High-Availability environment, simply configure multiple WE ### What are the WEC server’s limitations? -There are three factors that limit the scalability of WEC servers. The general rule for a stable WEC server on commodity hardware is planning for a total of 3000 events per second for all configured subscriptions on average +There are three factors that limit the scalability of WEC servers. The general rule for a stable WEC server on commodity hardware is planning for a total of 3,000 events per second on average for all configured subscriptions. - **Disk I/O**. The WEC server does not process or validate the received event, but rather buffers the received event and then logs it to a local event log file (EVTX file). The speed of logging to the EVTX file is limited by the disk write speed. Isolating the EVTX file to its own array or using high speed disks can increase the number of events per second that a single WEC server can receive. - **Network Connections**. While a WEF source does not maintain a permanent, persistent connection to the WEC server, it does not immediately disconnect after sending its events. This means that the number of WEF sources that can simultaneously connect to the WEC server is limited to the open TCP ports available on the WEC server. @@ -661,4 +661,3 @@ You can get more info with the following links: - [Windows Event Collector](https://msdn.microsoft.com/library/windows/desktop/bb427443.aspx) - [4625(F): An account failed to log on](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4625) - From 77eba0cedfc0b38e846424fc084ec6d31115bc92 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 10 Feb 2021 13:36:07 -0800 Subject: [PATCH 21/69] pencil edit --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index fe98c18c26..142ab09ad4 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -41,7 +41,7 @@ Here's an approximate scaling guide for WEF events: | 5,000 - 50,000 | SEM | | 50,000+ | Hadoop/HDInsight/Data Lake | -Event generation on a device must be enabled either separately or as part of the GPO for the baseline WEF implementation, including enabling of disabled event logs and setting channel permissions. For more info, see [Appendix C - Event channel settings (enable and channel access) methods](#bkmk-appendixc). This is because WEF is a passive system with regards to the event log. It cannot change the size of event log files, enable disabled event channels, change channel permissions, or adjust a security audit policy. WEF only queries event channels for existing events. Additionally, having event generation already occurring on a device allows for more complete event collection building a complete history of system activity. Otherwise, you'll be limited to the speed of GPO and WEF subscription refresh cycles to make changes to what is being generated on the device. On modern devices, enabling additional event channels and expanding the size of event log files has not resulted in noticeable performance differences. +Event generation on a device must be enabled either separately or as part of the GPO for the baseline WEF implementation, including enabling of disabled event logs and setting channel permissions. For more info, see [Appendix C - Event channel settings (enable and channel access) methods](#bkmk-appendixc). This is because WEF is a passive system regarding the event log. It cannot change the size of event log files, enable disabled event channels, change channel permissions, or adjust a security audit policy. WEF only queries event channels for existing events. Additionally, having event generation already occurring on a device allows for more complete event collection building a complete history of system activity. Otherwise, you'll be limited to the speed of GPO and WEF subscription refresh cycles to make changes to what is being generated on the device. On modern devices, enabling additional event channels and expanding the size of event log files has not resulted in noticeable performance differences. For the minimum recommended audit policy and registry system ACL settings, see [Appendix A - Minimum recommended minimum audit policy](#bkmk-appendixa) and [Appendix B - Recommended minimum registry system ACL policy](#bkmk-appendixb). From 20287844a84bf37e6361a3affc987e4e4225fcf7 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 10 Feb 2021 13:37:01 -0800 Subject: [PATCH 22/69] pencil edit --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index d3ffb0ca4d..f0661800e0 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -82,7 +82,7 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1" ``` - Specific versions of Windows 10 can be targeted by including the *major build version* in the query. The following query returns **true** for all devices running Windows 10 20H2 (which has a *major build version* of `19042`), and returns **false** for any server operating system or any other client operating system. Additional information about Windows 10 build versions can be found at [Windows 10 relase information](https://docs.microsoft.com/windows/release-health/release-information). + Specific versions of Windows 10 can be targeted by including the *major build version* in the query. The following query returns **true** for all devices running Windows 10 20H2 (which has a *major build version* of `19042`), and returns **false** for any server operating system or any other client operating system. Additional information about Windows 10 build versions can be found at [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information). ```syntax select * from Win32_OperatingSystem where Version like "10.0.19042" and ProductType="1" From bb855c72bac14225228c893a9dbcb774851b54bf Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 10 Feb 2021 13:40:39 -0800 Subject: [PATCH 23/69] pencil edit --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index f0661800e0..8fdbbf43f4 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -30,8 +30,6 @@ To make sure that each GPO associated with a group can only be applied to device - [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) - [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) -- [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) - **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. From 6a9766d1cce365312c7697db97a9dda7d3b24bdb Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 10 Feb 2021 13:41:17 -0800 Subject: [PATCH 24/69] pencil edits --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 8fdbbf43f4..cf777fe302 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -26,9 +26,9 @@ ms.technology: mde To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. -- [Create WMI Filters for the GPO](#create-wmi-filters-for-the-gpo) - - [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) - - [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) +[Create WMI Filters for the GPO](#create-wmi-filters-for-the-gpo) +- [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) +- [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) **Administrative credentials** From 639cbf234b8e0bcde47ae0f97a35c6763c4c3b82 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 10 Feb 2021 13:45:09 -0800 Subject: [PATCH 25/69] pencil edits --- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index cf777fe302..d863d37050 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -26,9 +26,9 @@ ms.technology: mde To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. -[Create WMI Filters for the GPO](#create-wmi-filters-for-the-gpo) -- [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) -- [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) +- [Create WMI Filters for the GPO](#create-wmi-filters-for-the-gpo) + - [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) + - [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) **Administrative credentials** From 9a4cd1a75f54e3dd15ee19640c609636b7c69717 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:12:15 -0800 Subject: [PATCH 26/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 75911ebb62..682dd8774f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -1,8 +1,8 @@ --- -title: Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019 +title: Configure Microsoft Defender Antivirus exclusions on Windows Server ms.reviewer: manager: dansimp -description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions. +description: Windows Server includes automatic exclusions, based on server role. You can also add custom exclusions. keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.prod: m365-security @@ -14,6 +14,7 @@ author: denisebmsft ms.author: deniseb ms.custom: nextgen ms.technology: mde +ms.date: 02/10/2021 --- # Configure Microsoft Defender Antivirus exclusions on Windows Server @@ -24,8 +25,7 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - -Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). +Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). > [!NOTE] > Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. @@ -36,26 +36,25 @@ In addition to server role-defined automatic exclusions, you can add or remove c ## A few points to keep in mind +Keep the following important points in mind: + - Custom exclusions take precedence over automatic exclusions. - - Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. - - Custom and duplicate exclusions do not conflict with automatic exclusions. - - Microsoft Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer. ## Opt out of automatic exclusions -In Windows Server 2016 and 2019, the predefined exclusions delivered by Security intelligence updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, make sure to opt out of the automatic exclusions delivered in Security intelligence updates. But keep in mind that the exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. +In Windows Server 2016 and Windows Server 2019, the predefined exclusions delivered by Security intelligence updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, make sure to opt out of the automatic exclusions delivered in Security intelligence updates. But keep in mind that the exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. > [!WARNING] -> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. +> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 and Windows Server 2019 roles. Because predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path that is *different from the original path*, you must add exclusions manually using the information [here](configure-extension-file-exclusions-microsoft-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) . You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI. -### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and 2019 +### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and Windows Server 2019 1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725752(v=ws.11)). Right-click the Group Policy Object you want to configure, and then click **Edit**. @@ -77,7 +76,7 @@ Set-MpPreference -DisableAutoExclusions $true [Use PowerShell with Microsoft Defender Antivirus](https://docs.microsoft.com/powershell/module/defender/). -### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and 2019 +### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and Windows Server 2019 Use the **Set** method of the [MSFT_MpPreference](https://docs.microsoft.com/previous-versions/windows/desktop/defender/msft-mppreference) class for the following properties: From e0661b3414d58f90b70686b83d3c0d24dc904078 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:20:05 -0800 Subject: [PATCH 27/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...erver-exclusions-microsoft-defender-antivirus.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 682dd8774f..3f12c1e29a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -95,6 +95,9 @@ The following sections contain the exclusions that are delivered with automatic This section lists the default exclusions for all Windows Server 2016 and 2019 roles. +> [!NOTE] +> The default locations could be different than what's listed in this article. + #### Windows "temp.edb" files - `%windir%\SoftwareDistribution\Datastore\*\tmp.edb` @@ -212,15 +215,15 @@ The following table lists the file type exclusions, folder exclusions, and proce #### SYSVOL files -- `%systemroot%\Sysvol\Domain\*.adm` +- `%systemroot%\Sysvol\Domain\Policies*\ADM*.adm` -- `%systemroot%\Sysvol\Domain\*.admx` +- `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.admx` -- `%systemroot%\Sysvol\Domain\*.adml` +- `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.adml` -- `%systemroot%\Sysvol\Domain\Registry.pol` +- `%systemroot%\Sysvol\Domain\Policies\Registry.pol` -- `%systemroot%\Sysvol\Domain\*.aas` +- `%systemroot%\Sysvol\Domain\Policies*\Machine\Applications*.aas` - `%systemroot%\Sysvol\Domain\*.inf` From 50fd867a28f11c721814ddfce5ff0cfbb66b2136 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:43:27 -0800 Subject: [PATCH 28/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 30 +++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 3f12c1e29a..c8ef0289c3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -225,13 +225,11 @@ The following table lists the file type exclusions, folder exclusions, and proce - `%systemroot%\Sysvol\Domain\Policies*\Machine\Applications*.aas` -- `%systemroot%\Sysvol\Domain\*.inf` +- `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\SecEdit*.inf` -- `%systemroot%\Sysvol\Domain\*.Scripts.ini` +- `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\Audit*.csv` -- `%systemroot%\Sysvol\Domain\*.ins` - -- `%systemroot%\Sysvol\Domain\Oscfilter.ini` +- `%systemroot%\Sysvol\Domain\Policies*\Machine\Scripts\Scripts.ini` ### Active Directory exclusions @@ -359,6 +357,28 @@ This section lists the folder exclusions and the process exclusions that are del - `%SystemDrive%\PHP5433\php-cgi.exe` +#### Turning off scanning of files in the Sysvol\Sysvol folder or the SYSVOL_DFSR\Sysvol folder + +The current location of the Sysvol\Sysvol or SYSVOL_DFSR\Sysvol folder and all the subfolders is the file system reparse target of the replica set root. The Sysvol\Sysvol and SYSVOL_DFSR\Sysvol folders use the following locations by default: +%systemroot%\Sysvol\Domain +%systemroot%\Sysvol_DFSR\Domain + +The path to the currently active SYSVOL is referenced by the NETLOGON share and can be determined by the SysVol value name in the following subkey: +HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters + +Exclude the following files from this folder and all its subfolders: +- `*.adm` +- `*.admx` +- `*.adml` +- `Registry.pol` +- `Registry.tmp` +- `*.aas` +- `*.inf` +- `Scripts.ini` +- `*.ins` +- `Oscfilter.ini` + + ### Windows Server Update Services exclusions This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup` From 1a5f7784c9eb2ab20d8fc630e13f91da69e5254a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:46:32 -0800 Subject: [PATCH 29/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...server-exclusions-microsoft-defender-antivirus.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index c8ef0289c3..a237bfabbb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -359,12 +359,11 @@ This section lists the folder exclusions and the process exclusions that are del #### Turning off scanning of files in the Sysvol\Sysvol folder or the SYSVOL_DFSR\Sysvol folder -The current location of the Sysvol\Sysvol or SYSVOL_DFSR\Sysvol folder and all the subfolders is the file system reparse target of the replica set root. The Sysvol\Sysvol and SYSVOL_DFSR\Sysvol folders use the following locations by default: -%systemroot%\Sysvol\Domain -%systemroot%\Sysvol_DFSR\Domain +The current location of the `Sysvol\Sysvol` or `SYSVOL_DFSR\Sysvol` folder and all the subfolders is the file system reparse target of the replica set root. The `Sysvol\Sysvol` and `SYSVOL_DFSR\Sysvol` folders use the following locations by default: +- `%systemroot%\Sysvol\Domain` +- `%systemroot%\Sysvol_DFSR\Domain` -The path to the currently active SYSVOL is referenced by the NETLOGON share and can be determined by the SysVol value name in the following subkey: -HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters +The path to the currently active `SYSVOL` is referenced by the NETLOGON share and can be determined by the SysVol value name in the following subkey: `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters` Exclude the following files from this folder and all its subfolders: - `*.adm` @@ -378,7 +377,6 @@ Exclude the following files from this folder and all its subfolders: - `*.ins` - `Oscfilter.ini` - ### Windows Server Update Services exclusions This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup` @@ -391,7 +389,7 @@ This section lists the folder exclusions that are delivered automatically when y - `%systemroot%\SoftwareDistribution\Download` -## Related articles +## See also - [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) From d78d4f39487703ab8fd557ad187abe7efe9ed755 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 10 Feb 2021 14:49:04 -0800 Subject: [PATCH 30/69] remove section not ready to publish --- windows/security/threat-protection/TOC.md | 1 - .../advanced-features.md | 4 ---- .../respond-file-alerts.md | 24 +++---------------- 3 files changed, 3 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5bf680ae60..ffaefc3108 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -371,7 +371,6 @@ ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) -###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 15fd8d262c..0230069f42 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -203,10 +203,6 @@ Forwards endpoint security alerts and their triage status to Microsoft Complianc After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users. -## Download quarantined files - -You can turn on a setting to backup quarantined files in a secure and compliant location so they can be downloaded directly from quarantine. Once this setting is enabled, the **Download file** button will always be available. [Learn more about requirements](respond-file-alerts.md#download-quarantined-files) - ## Related topics - [Update data retention settings](data-retention-settings.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index b492129a66..315047b17b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -1,5 +1,5 @@ --- -title: Take response actions on a file in Microsoft Defender ATP +title: Take response actions on a file in Microsoft Defender for Endpoint description: Take response actions on file-related alerts by stopping and quarantining a file or blocking a file and checking activity details. keywords: respond, stop and quarantine, block file, deep analysis search.product: eADQiWindows 10XVcnh @@ -144,29 +144,11 @@ By default, you will not be able to download files that are in quarantine. ![Image of download file action](images/atp-download-file-action.png) -### Download quarantined files - -When this setting is on, quarantined files will be backed up to a secure and compliant location so they can be downloaded directly from quarantine. The **Download file** button will always be available for you to use from the file's detailed profile page in the Microsoft Defender Security Center. **This feature is turned 'Off' by default**. - -Newly quarantined files from any supported endpoint in your organization will be copied to the same secure Azure storage location as your existing sample submission files. A quarantined file will only be collected once per organization. - -Users may be prompted to provide explicit consent before backing up the quarantined file, depending on your [automatic sample submission configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-intune-to-enable-cloud-delivered-protection). - -Go to **Settings** > **Advanced features** > **Download quarantined files** to turn on this feature. [Learn more about advanced features](advanced-features.md) - ->[!IMPORTANT] ->Requirements: ->- Your organization uses Microsoft Defender Antivirus ->- Cloud–based protection is enabled. See [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) ->- Microsoft Defender for Endpoint is in active mode ->- Engine version is 1.1.17300.4 or later ->- Devices have Windows 10 version 1703 or later, or Windows server 2016 and 2019 - ### Collect files -If a file is not already stored by Microsoft Defender ATP, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. +If a file is not already stored by Microsoft Defender for Endpoint, you can't download it. Instead, you'll see a **Collect file** button in the same location. If a file hasn't been seen in the organization in the past 30 days, **Collect file** will be disabled. > [!Important] -> A file that was quarantined as a potential network threat might not be recoverable. If a user attempts to restore the file after quarantine, that file might not be accessible. This can be due to the system no longer having network credentials to access the file. Typically, this is a result of a temporary log on to a system or shared folder and the access tokens expired. +> A file that was quarantined as a potential network threat might not be recoverable. If a user attempts to restore the file after quarantine, that file might not be accessible. This can be due to the system no longer having network credentials to access the file. Typically, this is a result of a temporary log on to a system or shared folder and the access tokens expired. ## Add indicator to block or allow a file From f91b5321237ec1b20f3d49442e9dd3552c04cbe7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:50:36 -0800 Subject: [PATCH 31/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 72 ++----------------- 1 file changed, 5 insertions(+), 67 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index a237bfabbb..50ab6ffb26 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -57,11 +57,8 @@ You can disable the automatic exclusion lists with Group Policy, PowerShell cmdl ### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and Windows Server 2019 1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725752(v=ws.11)). Right-click the Group Policy Object you want to configure, and then click **Edit**. - 2. In the **Group Policy Management Editor** go to **Computer configuration**, and then click **Administrative templates**. - 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Exclusions**. - 4. Double-click **Turn off Auto Exclusions**, and set the option to **Enabled**. Then click **OK**. ### Use PowerShell cmdlets to disable the auto-exclusions list on Windows Server 2016 and 2019 @@ -72,9 +69,10 @@ Use the following cmdlets: Set-MpPreference -DisableAutoExclusions $true ``` -[Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). +To learn more, see the following resources: -[Use PowerShell with Microsoft Defender Antivirus](https://docs.microsoft.com/powershell/module/defender/). +- [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). +- [Use PowerShell with Microsoft Defender Antivirus](https://docs.microsoft.com/powershell/module/defender/). ### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and Windows Server 2019 @@ -101,51 +99,36 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r #### Windows "temp.edb" files - `%windir%\SoftwareDistribution\Datastore\*\tmp.edb` - - `%ProgramData%\Microsoft\Search\Data\Applications\Windows\*\*.log` #### Windows Update files or Automatic Update files - `%windir%\SoftwareDistribution\Datastore\*\Datastore.edb` - - `%windir%\SoftwareDistribution\Datastore\*\edb.chk` - - `%windir%\SoftwareDistribution\Datastore\*\edb\*.log` - - `%windir%\SoftwareDistribution\Datastore\*\Edb\*.jrs` - - `%windir%\SoftwareDistribution\Datastore\*\Res\*.log` #### Windows Security files - `%windir%\Security\database\*.chk` - - `%windir%\Security\database\*.edb` - - `%windir%\Security\database\*.jrs` - - `%windir%\Security\database\*.log` - - `%windir%\Security\database\*.sdb` #### Group Policy files - `%allusersprofile%\NTUser.pol` - - `%SystemRoot%\System32\GroupPolicy\Machine\registry.pol` - - `%SystemRoot%\System32\GroupPolicy\User\registry.pol` #### WINS files - `%systemroot%\System32\Wins\*\*.chk` - - `%systemroot%\System32\Wins\*\*.log` - - `%systemroot%\System32\Wins\*\*.mdb` - - `%systemroot%\System32\LogFiles\` - - `%systemroot%\SysWow64\LogFiles\` #### File Replication Service (FRS) exclusions @@ -153,9 +136,7 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r - Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory` - `%windir%\Ntfrs\jet\sys\*\edb.chk` - - `%windir%\Ntfrs\jet\*\Ntfrs.jdb` - - `%windir%\Ntfrs\jet\log\*\*.log` - FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ntfrs\Parameters\DB Log File Directory` @@ -176,33 +157,21 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r > For custom locations, see [Opt out of automatic exclusions](#opt-out-of-automatic-exclusions). - `%systemdrive%\System Volume Information\DFSR\$db_normal$` - - `%systemdrive%\System Volume Information\DFSR\FileIDTable_*` - - `%systemdrive%\System Volume Information\DFSR\SimilarityTable_*` - - `%systemdrive%\System Volume Information\DFSR\*.XML` - - `%systemdrive%\System Volume Information\DFSR\$db_dirty$` - - `%systemdrive%\System Volume Information\DFSR\$db_clean$` - - `%systemdrive%\System Volume Information\DFSR\$db_lostl$` - - `%systemdrive%\System Volume Information\DFSR\Dfsr.db` - - `%systemdrive%\System Volume Information\DFSR\*.frx` - - `%systemdrive%\System Volume Information\DFSR\*.log` - - `%systemdrive%\System Volume Information\DFSR\Fsr*.jrs` - - `%systemdrive%\System Volume Information\DFSR\Tmp.edb` #### Process exclusions - `%systemroot%\System32\dfsr.exe` - - `%systemroot%\System32\dfsrs.exe` #### Hyper-V exclusions @@ -216,19 +185,12 @@ The following table lists the file type exclusions, folder exclusions, and proce #### SYSVOL files - `%systemroot%\Sysvol\Domain\Policies*\ADM*.adm` - - `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.admx` - - `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.adml` - - `%systemroot%\Sysvol\Domain\Policies\Registry.pol` - - `%systemroot%\Sysvol\Domain\Policies*\Machine\Applications*.aas` - - `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\SecEdit*.inf` - - `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\Audit*.csv` - - `%systemroot%\Sysvol\Domain\Policies*\Machine\Scripts\Scripts.ini` ### Active Directory exclusions @@ -240,7 +202,6 @@ This section lists the exclusions that are delivered automatically when you inst The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File` - `%windir%\Ntds\ntds.dit` - - `%windir%\Ntds\ntds.pat` #### The AD DS transaction log files @@ -248,13 +209,9 @@ The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\ The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path` - `%windir%\Ntds\EDB*.log` - - `%windir%\Ntds\Res*.log` - - `%windir%\Ntds\Edb*.jrs` - - `%windir%\Ntds\Ntds*.pat` - - `%windir%\Ntds\TEMP.edb` #### The NTDS working folder @@ -262,13 +219,11 @@ The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\ This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory` - `%windir%\Ntds\Temp.edb` - - `%windir%\Ntds\Edb.chk` #### Process exclusions for AD DS and AD DS-related support files - `%systemroot%\System32\ntfrs.exe` - - `%systemroot%\System32\lsass.exe` ### DHCP Server exclusions @@ -276,13 +231,9 @@ This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentC This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters` - `%systemroot%\System32\DHCP\*\*.mdb` - - `%systemroot%\System32\DHCP\*\*.pat` - - `%systemroot%\System32\DHCP\*\*.log` - - `%systemroot%\System32\DHCP\*\*.chk` - - `%systemroot%\System32\DHCP\*\*.edb` ### DNS Server exclusions @@ -292,11 +243,8 @@ This section lists the file and folder exclusions and the process exclusions tha #### File and folder exclusions for the DNS Server role - `%systemroot%\System32\Dns\*\*.log` - - `%systemroot%\System32\Dns\*\*.dns` - - `%systemroot%\System32\Dns\*\*.scc` - - `%systemroot%\System32\Dns\*\BOOT` #### Process exclusions for the DNS Server role @@ -308,9 +256,7 @@ This section lists the file and folder exclusions and the process exclusions tha This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role. - `%SystemDrive%\ClusterStorage` - - `%clusterserviceaccount%\Local Settings\Temp` - - `%SystemDrive%\mscs` ### Print Server exclusions @@ -320,7 +266,6 @@ This section lists the file type exclusions, folder exclusions, and the process #### File type exclusions - `*.shd` - - `*.spl` #### Folder exclusions @@ -340,32 +285,28 @@ This section lists the folder exclusions and the process exclusions that are del #### Folder exclusions - `%SystemRoot%\IIS Temporary Compressed Files` - - `%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files` - - `%SystemDrive%\inetpub\temp\ASP Compiled Templates` - - `%systemDrive%\inetpub\logs` - - `%systemDrive%\inetpub\wwwroot` #### Process exclusions - `%SystemRoot%\system32\inetsrv\w3wp.exe` - - `%SystemRoot%\SysWOW64\inetsrv\w3wp.exe` - - `%SystemDrive%\PHP5433\php-cgi.exe` #### Turning off scanning of files in the Sysvol\Sysvol folder or the SYSVOL_DFSR\Sysvol folder The current location of the `Sysvol\Sysvol` or `SYSVOL_DFSR\Sysvol` folder and all the subfolders is the file system reparse target of the replica set root. The `Sysvol\Sysvol` and `SYSVOL_DFSR\Sysvol` folders use the following locations by default: + - `%systemroot%\Sysvol\Domain` - `%systemroot%\Sysvol_DFSR\Domain` The path to the currently active `SYSVOL` is referenced by the NETLOGON share and can be determined by the SysVol value name in the following subkey: `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters` Exclude the following files from this folder and all its subfolders: + - `*.adm` - `*.admx` - `*.adml` @@ -382,11 +323,8 @@ Exclude the following files from this folder and all its subfolders: This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup` - `%systemroot%\WSUS\WSUSContent` - - `%systemroot%\WSUS\UpdateServicesDBFiles` - - `%systemroot%\SoftwareDistribution\Datastore` - - `%systemroot%\SoftwareDistribution\Download` ## See also From 947a9ba43c68cd28725f353265bd7f8b5a21bc34 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:52:03 -0800 Subject: [PATCH 32/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...nfigure-server-exclusions-microsoft-defender-antivirus.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 50ab6ffb26..9abe028b7c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -193,6 +193,11 @@ The following table lists the file type exclusions, folder exclusions, and proce - `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\Audit*.csv` - `%systemroot%\Sysvol\Domain\Policies*\Machine\Scripts\Scripts.ini` +Older systems might also have these exclusions" + +- `%systemroot%\Sysvol\Domain*.ins` +- `%systemroot%\Sysvol\Domain\Oscfilter.ini` + ### Active Directory exclusions This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services. From 72bf5c0f6922cf4b891ed94a462c2fd2e93c4cf1 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 10 Feb 2021 14:53:35 -0800 Subject: [PATCH 33/69] put link back in --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ffaefc3108..5bf680ae60 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -371,6 +371,7 @@ ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) From 5bd331884dafbdad14642230083f450418c2c7ba Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 10 Feb 2021 14:55:13 -0800 Subject: [PATCH 34/69] move location --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5bf680ae60..1594d486ad 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -371,8 +371,8 @@ ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) -###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) From d358c12cd68a0663b4b4527f338730c1301149e9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Feb 2021 14:55:21 -0800 Subject: [PATCH 35/69] Update configure-server-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 9abe028b7c..c04445eb32 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -184,20 +184,17 @@ The following table lists the file type exclusions, folder exclusions, and proce #### SYSVOL files -- `%systemroot%\Sysvol\Domain\Policies*\ADM*.adm` -- `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.admx` -- `%systemroot%\Sysvol\Domain\Policies\PolicyDefinition*.adml` -- `%systemroot%\Sysvol\Domain\Policies\Registry.pol` -- `%systemroot%\Sysvol\Domain\Policies*\Machine\Applications*.aas` -- `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\SecEdit*.inf` -- `%systemroot%\Sysvol\Domain\Policies*\Machine\Microsoft\Windows NT\Audit*.csv` -- `%systemroot%\Sysvol\Domain\Policies*\Machine\Scripts\Scripts.ini` - -Older systems might also have these exclusions" - -- `%systemroot%\Sysvol\Domain*.ins` +- `%systemroot%\Sysvol\Domain\*.adm` +- `%systemroot%\Sysvol\Domain\*.admx` +- `%systemroot%\Sysvol\Domain\*.adml` +- `%systemroot%\Sysvol\Domain\Registry.pol` +- `%systemroot%\Sysvol\Domain\*.aas` +- `%systemroot%\Sysvol\Domain\*.inf` +- `%systemroot%\Sysvol\Domain\*Scripts.ini` +- `%systemroot%\Sysvol\Domain\*.ins` - `%systemroot%\Sysvol\Domain\Oscfilter.ini` + ### Active Directory exclusions This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services. From e997e54fb27fe4ae4a129091266a8c1b8fc001f9 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 10 Feb 2021 15:35:17 -0800 Subject: [PATCH 36/69] description --- windows/whats-new/index.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 9efd8ca519..20d56ff5c8 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -1,11 +1,11 @@ ### YamlMime:Landing -title: Windows 10 deployment resources and documentation # < 60 chars -summary: Learn about deploying and keeping Windows 10 up to date. # < 160 chars +title: What's new in Windows 10 # < 60 chars +summary: Find out about new features and capabilities in the latest release of Windows 10. # < 160 chars metadata: - title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars. + title: What's new in Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Find out about new features and capabilities in the latest release of Windows 10. # Required; article description that is displayed in search results. < 160 chars. services: windows-10 ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM. ms.subservice: subservice From cfee2a75ccee4e8852218cc62e8e0d6a860f88c3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Feb 2021 17:27:05 +0530 Subject: [PATCH 37/69] added Manage Settings as per the user feedback, #9111 , so i added **manage settings** --- .../microsoft-defender-security-center-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index 427ebf59db..32870ae8b8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -124,7 +124,7 @@ This section describes how to perform some of the most common tasks when reviewi 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). -3. Click **Virus & threat protection settings**. +3. Under the **Manage settings** click **Virus & threat protection settings**. 4. Under the **Exclusions** setting, click **Add or remove exclusions**. From 9d2601f0e7a3de684d55c1171c4c718d19719eb2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 11:28:33 -0800 Subject: [PATCH 38/69] Update microsoft-defender-security-center-antivirus.md --- ...soft-defender-security-center-antivirus.md | 102 +++++++----------- 1 file changed, 38 insertions(+), 64 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index 32870ae8b8..a90cf8ebc2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -30,12 +30,9 @@ In Windows 10, version 1703 and later, the Windows Defender app is part of the W Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. > [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. -> -> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. -> -> It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. -> +> Disabling the Windows Security Center service does not disable Microsoft Defender Antivirus or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. +> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app might display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +> It might also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you might have previously installed. > This will significantly lower the protection of your device and could lead to malware infection. See the [Windows Security article](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app. @@ -44,12 +41,11 @@ The Windows Security app is a client interface on Windows 10, version 1703 and l ## Review virus and threat protection settings in the Windows Security app +![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) + 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - - ![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) - +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). + ## Comparison of settings and functions of the old app and the new app All of the previous functions and settings from the Windows Defender app (in versions of Windows 10 before version 1703) are now found in the new Windows Security app. Settings that were previously located in Windows Settings under **Update & security** > **Windows Defender** are also now in the new app. @@ -60,13 +56,13 @@ The following diagrams compare the location of settings and functions between th ![Microsoft Defender Antivirus in Windows 10, version 1703 and later](images/defender/wdav-wdsc.png) -Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | Description ----|---|---|--- -1 | **Update** tab | **Protection updates** | Update the protection (Security intelligence) -2 | **History** tab | **Scan history** | Review threats that were quarantined, removed, or allowed -3 | **Settings** (links to **Windows Settings**) | **Virus & threat protection settings** | Enable various features, including Real-time protection, Cloud-delivered protection, Advanced notifications, and Automatic ample submission -4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Microsoft Defender Offline scan -5 | Run a scan (based on the option chosen under **Scan options** | **Quick scan** | In Windows 10, version 1703 and later, you can run custom and full scans under the **Advanced scan** option +| Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | Description | +|:---|:---|:---|:---| +| 1 | **Update** tab | **Protection updates** | Update the protection (Security intelligence) | +| 2 | **History** tab | **Scan history** | Review threats that were quarantined, removed, or allowed | +| 3 | **Settings** (links to **Windows Settings**) | **Virus & threat protection settings** | Enable various features, including Real-time protection, Cloud-delivered protection, Advanced notifications, and Automatic ample submission | +| 4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Microsoft Defender Antivirus Offline scan | +| 5 | Run a scan (based on the option chosen under **Scan options** | **Quick scan** | In Windows 10, version 1703 and later, you can run custom and full scans under the **Advanced scan** option | ## Common tasks @@ -80,55 +76,41 @@ This section describes how to perform some of the most common tasks when reviewi ### Run a scan with the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Click **Scan now**. - -4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan. +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Select **Scan now**. +4. Select **Run a new advanced scan** to specify different types of scans, such as a full scan. ### Review the security intelligence update version and download the latest updates in the Windows Security app +![Security intelligence version number information](images/defender/wdav-wdsc-defs.png) + 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version. - - ![Security intelligence version number information](images/defender/wdav-wdsc-defs.png) - -4. Click **Check for updates** to download new protection updates (if there are any). +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Select **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version. +4. Select **Check for updates** to download new protection updates (if there are any). ### Ensure Microsoft Defender Antivirus is enabled in the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Click **Virus & threat protection settings**. - +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Select **Virus & threat protection settings**. 4. Toggle the **Real-time protection** switch to **On**. > [!NOTE] > If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. - > - > If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md). + > If you install another antivirus product, Microsoft Defender Antivirus automatically disables itself and is indicated as such in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md). ### Add exclusions for Microsoft Defender Antivirus in the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Under the **Manage settings** click **Virus & threat protection settings**. - -4. Under the **Exclusions** setting, click **Add or remove exclusions**. - -5. Click the plus icon to choose the type and set the options for each exclusion. +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Under the **Manage settings**, select **Virus & threat protection settings**. +4. Under the **Exclusions** setting, select **Add or remove exclusions**. +5. Select the plus icon (**+**) to choose the type and set the options for each exclusion. The following table summarizes exclusion types and what happens: @@ -140,34 +122,26 @@ The following table summarizes exclusion types and what happens: |**File type** |File extension
Example: `.test` |All files with the `.test` extension anywhere on your device are skipped by Microsoft Defender Antivirus. | |**Process** |Executable file path
Example: `c:\test\process.exe` |The specific process and any files that are opened by that process are skipped by Microsoft Defender Antivirus. | -To learn more, see: +To learn more, see the following resources: - [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) - [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus) ### Review threat detection history in the Windows Defender Security Center app - 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - - 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - - 3. Click **Threat history** - - 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). +1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Select **Threat history** +4. Select **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). ### Set ransomware protection and recovery options 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Click **Ransomware protection**. - +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar). +3. Select **Ransomware protection**. 4. To change Controlled folder access settings, see [Protect important folders with Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard). +5. To set up ransomware recovery options, select **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack. -5. To set up ransomware recovery options, click **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack. - -## Related articles - +## See also - [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) From 4da41b084e93c90ab8e2ce968519aa903ae3a8fa Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 11 Feb 2021 11:44:20 -0800 Subject: [PATCH 39/69] updated link url --- .../microsoft-defender-security-center-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index a90cf8ebc2..81bb63ed13 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -30,7 +30,7 @@ In Windows 10, version 1703 and later, the Windows Defender app is part of the W Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. > [!IMPORTANT] -> Disabling the Windows Security Center service does not disable Microsoft Defender Antivirus or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. +> Disabling the Windows Security Center service does not disable Microsoft Defender Antivirus or [Windows Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app might display stale or inaccurate information about any antivirus or firewall products you have installed on the device. > It might also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you might have previously installed. > This will significantly lower the protection of your device and could lead to malware infection. From 8143cdf7f4cdc55707941ac5484c5e257506034c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 12:16:40 -0800 Subject: [PATCH 40/69] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 6a64647a0c..78039bd903 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 01/27/2021 +ms.date: 02/11/2021 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -280,8 +280,6 @@ Check your cloud-delivered protection level for Microsoft Defender Antivirus. By > [!TIP] > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus). -We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivered protection settings. - We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to edit or set your cloud-delivered protection settings; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)). #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings (for existing policies) From 44817c6596a509f58abbbc593d4b50a341e7a60f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 11 Feb 2021 14:12:23 -0800 Subject: [PATCH 41/69] new section --- .../microsoft-defender-atp/web-content-filtering.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 2fcb052cc9..5f5053a910 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -97,6 +97,14 @@ It's possible to override the blocked category in web content filtering to allow 2. Enter the domain of the site 3. Set the policy action to **Allow**. +### Reporting inaccuracies + +If you encounter a domain that has been incorrectly categorized, you can report inaccuracies directly to us from the Web Content Filtering reports page. This feature is available only in the new Microsoft 365 security center (security.microsoft.com). + +To report an inaccuracy, navigate to **Reports > Web protection > Web Content Filtering Details > Domains**. On the domains tab of our Web Content Filtering reports, you will see an ellipsis beside each of the domains. Hover over this ellipsis and select **Report Inaccuracy**. + +A panel will open where you can select the priority and add additional details such as the suggested category for re-categorization. Once you complete the form, select **Submit**. Our team will review the request within one business day. For immediate unblocking, create a [custom allow indicator](indicator-ip-domain.md). + ## Web content filtering cards and details Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. From 697bea624944a8cbeff0e8065b4599f8dcf3d719 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 15:37:11 -0800 Subject: [PATCH 42/69] adding images to migration solutions --- .../images/mcafee-mde-migration.png | Bin 0 -> 23054 bytes .../images/nonms-mde-migration.png | Bin 0 -> 23342 bytes .../images/symantec-mde-migration.png | Bin 0 -> 23235 bytes .../mcafee-to-microsoft-defender-migration.md | 17 +++++++++-------- 4 files changed, 9 insertions(+), 8 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/mcafee-mde-migration.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/nonms-mde-migration.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/symantec-mde-migration.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mcafee-mde-migration.png b/windows/security/threat-protection/microsoft-defender-atp/images/mcafee-mde-migration.png new file mode 100644 index 0000000000000000000000000000000000000000..01fb4c8c220a73d3e9ac353d14a286a473c46b96 GIT binary patch literal 23054 zcmb@ucU+U}(YdIvES=_T~4(v%Veq&E>kA@ts(AcPJA zfly-zz4uPo2R!F|&)IiByZi3%_XkgsC&^uA?wPsfnhEcoJ(VZ_gZ>W^5)yKS$B)!V zNY0g#kevB-=`3)Ep1oWUcsK)BlYdB(-vyonUYxg(R+c6qDT=sqXmSB~ec9o$E}Vpf zqVeSK4BGyyDG7;ghQcFh4R@oZG2<}spvR2Qc$0Rh!G(HVX8uC=Ys{}+JP1ft^C61bjQJ0(Mi!N5 zcSTB3-=SZ5RwN{^=w{WRu>v~XpVnP%`=+ypY8-Nl1+<-ji8_?NG_2tpn|2oncsxv! zeLwFyoy%Y!`p|*!3m@H^9`d2+SfP%p%Hh)sbk#CTl$>u?gKy_8D}=uz1^0GDu-oeD zt7QEvXk9t`T9!`qGX?wH>b$$rF@}wi${<8eHUqGmYE%EIk%yz5_danh z$Tu^uz#BjxOjxV}E7(r;JcT%;*He9oNYF zxcIg1H9h!(qm%GaLn(8?Cb}}Er>d%-}(2Q7_eWLZpg|D>ww!>o|kbG{2hy-(=-h)*4# zy|LUtdAy;(O2W}hEX7Wwu6oz<9h+Ti1c)om;9>-*45Nid-P_2F82n$ zJLC==s@<7j=e~YBdXs(UrP|lik`d>GbRBoQ;k#ySaL>C`ER*Cy$V_ z%~0{Bm6ngg@s;S>;K(j@as^4UnZ%%F$TGW-yR}IJ9{s$9_h(n0Bq>}f&#RBur&uFprVbVNUr;S;z!APk{lKr3Tu*u z4>^zhADuXquuq(LXwB7FZWBQ20zvhsUgr7WB{cBfD`xOH;Nispeiubt;lASMn(%4* zYyIJ2lGFZKl2`RfE>NNrYODEmf#K(`A~}8sxPhrnzY4E9MM{W5V&lK*=#KD;JoM#PH#N+wloP z@Vm3?H$xK5QgD@goW><6;!H(}>J1@`=Q30NKD=Ny;+Xj5c*@UkkMj5^-0%2{hSWlP zH!30J`VHBe3)nW5sRT!7I2D4@dx=%Hv)Fg#z`nJ0&}JiL$9F1%$PRj}s-DMW>@MGh zqThJ&-X+UZJI;z1`06~4SmEMf4rai|f1mW#3sNc)aGJbuxyHr;thvx4+>h}8`;lgp0S65~A`or3j?VHj>A;+AngL@lAo`NnO8IKP^7~1@ zWo%d5ulzO9cRtxTdf8B!2i%S_=bx_#fp`;|6+!9x>emq22pW84cZ}4Tqt$#}w{8O> z(~(=8ue)||R3MXGp2l&wlCeL2x~k@-oT0P5)JPr%J`qL78lGl5rm5nZvGgMCL?Aqe zLsK@-aSOvCA}ooGjz^`s?%ARXU^gv`=oY%lSuN6(MvX?56! z)7WvJjhq`4U)53TK6F@5d;z(6%s7=+Z};)&o|}H-GQE-W9|cg1xLaJuna38y`E0-< zm*Lqn+4HE|?A>hh%2UH)XSfvFsS>Ig+1@dvM~#J7h90SN1eWfZj!Pc$4__hjGAW`| z`@M%Jk0YI5LK%H2R%W<}{URuiv4TWTsHw+(R^omp3T5Yh_vRp+I9?A*0Sv`d|QcSn+)caM@sJFWSpJ6EZY1I@t~C8*s- z3fkD$H?1CK!B#8*&xsp9^QE%|Ux^26g&$Of;DlT3`!)v!_|naBFVL!ZabanCyS>ZChc|(!fc9fF z|3*M&8cJ@oiI_d3f2cQZe7qs4a%+B)&S7|x-z9*s)?R!4#&Kt}+0CPzy2@!C;WDBZ zk1W>P8ZZ0hFeLicZg0m8O&&nq$h|4lws`NZsYQEd25ut8;#=ls^;>7RlS9|vkY*Sg z?ex)Shft@eueg5>(%RbRJ$$3lQG6;2lLgmFNjsDwD)1(Y@BYwQx>i=$bQ)7V@yi?UrC9kzL$)zH?&cDu79l@`m z!o4njJ880!YMZV{Y7nb(Mmw#7_6CCVfw6(>892mwy_bryHsjj-`@(rp8@p^*YPcB8<@@VSiLu{#(-sw5p|pgxO*rr1#GU=d{ZPj}aMp=n zyhitRsL0S+qiK1^UUxf~%n5$St=dyftllcJODlrj+uw@kgzaqIf8ME|h^Nq;3Dv)1 zpe0?#*B~fVdrPN(ID31`KDGKsoW`PwBLzgW4>h#C#-FfL$pHd*CB&3ukyDy9r9K8Open21>up>c2x`-hPbKew=Vx<2_DS;rE}i^yK3}!0G<- z(97`ez@#OyLwP!g9D@*ne$`%>$R_vq{#Dhp@%I80QgD5q@Cw_Y~eh>~5E8MJDhxM7&qMmwyJ>F1Px&^r`%o zLLI!F_x=FjNMijT4-OXme8oVr01o+1^Zj@Ycf5%@EZ{!Iqfl!r#~N|?y|QFG1#xd2$N*qPl12-NhuAq+VCtFnGU!TIrP4fS3=GsxWw6qi#v$f@d<6G$BE~uRV8G9`WSvq-V z(6KHc5_<02+1a&KZ+s_Zif;y{YN>|p$2SX;KHpvdbw)n!E6lKhlbB=fCn^^&mrCW_ z8RI2>&2p|Vl^6O&()?~jB_=&zuITxKxmCA0>hPm&(T09gMuMEj^M_zXTi zhX&Y}=yHNZY9#x|hfqFvh2!}ESPr06AaS9Idj+2vzz2 z)64;cyKW%)2hgl}S?I-A2m*5SWTr=cjceJQj1teq*EgGnvn(;|eGv>$he`K5ADt9Y z&)JqWOs*sU@3jh{PuBVg$onULzIZR;_@i8MKhJDThnq%$5)5^I0%4RgO;nly^V7Aj zomWY25&dA@;ZVDuCm*!*V(&+!eDk|881;#;fL&EjO_}M^U&BLxW;-NvwC6ZJhDvS) zC}1L{v-^VxCfU_hqxqC6dPa4#$bobNLOoo(HVXnTI+Z@41Mbi(+b+H)mNN8N_ORAP zCr8{QroS zhLTR=9vea)xIy9kHg;-K3i0hn?(k~tZFW4=*7?rioH|BO+_m5MQqewd!pu)Ld00TF z7!ndh$P^(5d#nUD>KMKv>tmVBOAJ@{QHd8XZ0g=B*4(}cS( z>D{ltd#nf93jwk8^C=W?9+;SdkwsJtdY(voktZ%Yu3ZpKMbN~n4vcFki zw253U{zIy2tkfpDl(MX;`B^v~yDe@)`HgR6to4mV4wW!r-T^E+GW1!Z>L#D2MQeR! zTqxRSQ8;7rd6qtK0v~V%sHPm}G_&Bb&A$Qz#f_>5ig5R1E2~u_r%jrHB`MiYZ(l;2 zEej()s^hVBz`l*2Ii zpLrTK8D2Pyu1;8V485#i=zeXT8iS0B4*p}ueMg;fU1e(fKwIJHTVC9YvbfZ>bI19= zO-;I@!STA0Ej1ZkMLdNejCJy-^Yi(h>=&?jVX%rzXOX?qdOo-tiid8;ZRz?#rIhOYk=Xgncw6i z#8vBJ#8y*a3cYw3+%<|zn!=;K3QNn)7?A@+kdeF_h@+euMt|U#ytKE^7ZG0T$&yY} zUsB6s2`%(Bz{I=0q}3t6EiAX}&Kl!}B;%G(Ue=&rdeInUim=kG!yAk%-rYE40doQz z+EG$Ai*$3?f*Pz=Z^zPyJm`bs`>4Ct=f=#wBWWU}e14GM5e|wXTrLvpP!G+sN}Uiw zyH?gr>rgaz<`#$uFX4Trn(KBic(D}Qr@5XwxNRPAO(0k8@YZ|5(77HVj)#oOq*;@7 z!y0!h7CYyu3VoTJ}@TU*nsev~L+kkyv9Da?Xo5JePrKbbM;1 zor~3HvwRa}gU91zpdHvo4gAPe)`v@$4j*Fl7=9k46u7q`Ouc8heIb1xFko|eO4@y`E9wj5tRO?YsqDXf0y9|U%Sk|X z)@7;g7W?bopKiYM5IMU4B^V$7r{Mn#GqaTm#_&-o2{JT{?cYIat?Sg$FoPpBzaSXZ za9sm6f5i*5&~K}+!0Y&guf3K>P1SR`J7v}4(S3Em-e;kb?;#y+y`T17%a2|=7);v{F74AHtWi9?nZB@T@fYz(u6r+H%WUPQ(ZoWA@QYV?5+=`ZKWSSJ~>uFz@Fk3iXfN)%tfR zYxs@x>pxcl?9-`x`Vyy!i^Ea-*DpEFYS7yry>E5^<1X5f zq3tk+PfQB3FPV6bpTZ5uF;h!PRsYe)5=53{?{I0(i(Kncsg=cX7$YqL)*tS(7$H3( zdv7?G-LcYs=r7GnP@=OQzRyD`*yQxYPd-m_l)sF&>x0RwV2Lay-G--DJuL;UIkZ+o zl9ysQXQB$N2ziFtoY*t?%7H{adMnWy+Tnv&e@03bsrNg1@)UsuIRbbL+8CsREGVpW zKb&LBQOy_eodDvXW=noj0-A`SAV+hMYbPCE07bMNpfw4}H&0GUJ|!L-{nln9N3kf| z-6tSQSkv0_t(H$Q-D1wdV2ursx&HcnD3sl|XuzNd$?Zpv^XJ)*RajG?g^gLj32sE~M3pQ+rU8D7uG1js;P+0Gc}CrIe#li#V}0@hLu=}jYCcxV zLd)yME;eQoE_fVQs{B4;U5}Jxc7D0tEzjyPy65a)c_uLne|_;Lg^|VD*YEWWCLd)+PT{PiEmH*faH7a z-y8fB1$)PU=Km7hZ#?^Ll;za(o^24+JP{uWJovXi_|ME*um3f(H!~&Gqkm&<0Ga-m zsq;ntiK|aB@c-q^%Qk*adlr2%BlEPy5U*9G|a+TgBIG9*w)QbykQ-kBb`)-2)yCm7{X$+>cAFuTw9`2<P)uT2FGF!xkbUd$h8)No*%TAg zQ}CpTi@~BsfZM4yN2SP-5%4u64^$Qx7e}k$=pQdo`}4?xCq#ypu=S&rv6_myx}`YM zCsCiM^ft35)_dd%#;@-xH+h`3ELy90GKO)QHDH?h@e(Ox*SGvI?FGT$q}1^$6+1e* z>EUK;YwP1P#!tDmzffRY>G0jy&Lq|>UwXdiZt4BN7GZ{5uC{sQ*w!Sw8Vg~ePC{Vp z_bZt38w@rWC)%mFGJzy&(Qc*_YnpvmV$r={TLU60@?I=f5NeGnV!0BzHI+qSRHR=% zt?jHnJQTu9?CHN2th}WfWZ6MhZzx^l$alImrqOB_#R=Qig#whF=%`}@s6*CPGR>kS zD+Dd9I{mZ6vMSr3=AlisLSB_&Qq1=aQ~mIV7B$ioHPzG5v}|v2tLGXv$?~TnC*>eM zsm;rle^cYOk}3k16aLbbDgnyZWBg|RojK?s18ZozayY9EoCO-BjWX9ThNvcUKGu8K z;If$o&BGa`eWg#b6-35h4Q&3@A*r>s^>ur7;DpCAW+y@HpG17P+{v4t`@sJ9(#5@Z z9pLa1qEPd>D7zziv*^!_aoW%QPGwBQj*rJC>(e=e{|LN7^Evw7J`H0=@ad_QnnzI_ z{rY}xNGsas+Fg54<4FnYm1L#Y&hp;I4Eqe%$-!jI4yI%pDEJQb+FtBTf@G3zv!BY^ zKg&K%M_-@YNY`<1-E2;^@57fOrjvsE115tiC)r}#PC%0R{P_a99uF+2vNCa#7!+3? z`vI@z+6Y$ka|x-iwT9;MJ#!%e2=O-u#bJx3ow!^ z2nGZx2x@!CN62o*-We;EcyQuGBm{rCJ^5dLU09kRKqtdf%h{rICsSW0-++pI}B;nv~yE+sy>)_b;wGhjXtB=lO;X*sSI- zRczQ6!M721vjwi#w{=F^e?fve2b@gF8>2espD9~ovvF!-BqQ&^5mN~12qo=ll2c!z z-tORiO!T4a(GpxvXy&pSmc5*_pQlgr7#8ult~596vKP-XyG@?@fyTtMlDgp>*SezO z7er$fQ0&q(p>(^5JXd9e_=o`MZ-+9Ey4Y*Fi6c6k5zOK2FHB}{6dW#TbqUT=6`^?_ z`flLTT&1K!k`MVy%DI}5R`@9~<@wUuTCt(v1^wW_fN5s$vf3ZKSKg%B^+&48%Z%k) z^jvmv@RKOSVq0VhcW_86y>30pe zJ+3-C!_-Z|J&Z3Fez}gNW1+9Y(RS4@jy+*XK0;+RK}|6t9nGf)U!9Us{KTZS8Iz95 zjb$9?dfEG&raKY<-;Aqq>xLjcQJ?1>qmAo~n$$;uGfao`Ld^wK)hL5m+LvbV~_6_yeh1W3pZMk_)Fib9&yp0f#ZiR5vm{F3gg?TjH^V zrOmD)`P!Fm<#&H{)O7UT!lIP&|`Ja_;GPV(7s$M^X=jn5d_I7ME z&Rt~kXE20*&OfF6I&`Q74_ZfC{@lqc-4Rkewmw=sV(9b`30MP&a{En4Ro!p0?*F;7 zP|)7X$O3>hhcE=d z1*QPyHQ=ej&_>CdleA4x6yO~$7T>km3Dr zBFyW-)V3LsH`U_Ag+ zjTvGE&s;*se~>s{xqQmM{ylrwh+bm?@ z^n}}yIM2y%uQ{K7%~MAbf;)_quU3$jcu%yj1&VvlU-mMMk!SLn`0;);dj?$7d<9K4 z3+&ctW8Ls>saz5AO2_;h_IGc?5I}*2XlM#b%`ZAX94hvKjq}L zN7oH0Sig%0!`w&*S2Cl6VGDeW{%e&fNvN|G@B;yAw`IyAr`2CQQXt?+NtyW*iJpig!K2@@;*3)tCM|MWAQrfu)uxQM-!joz%91{?^ z*QLK=slDjEyiZy}S@M0WDB60BL{|JM%Cw@@z*RwIq=$2qx<;ykN9?`Xpbfg!_oB*# zT$h|wgP`>1IzH0K=gW;i>)iBs$WF1Xn0rs@ftY|F+0z56Zz&~N7+ha{=S~R2qOO|6 z#eax?*grw4!Oj%(i+Y8JCttvb0ia=U7cOhZUk3g za1P#W^=RF?V=F?IeQRUUf{psvpImnCS+ic2i;`ZEK`0{rlR~S!HmEw!Xj9B(ki|fJ zdE@IG0g;m<4xR~iYhm0d9?6i%aqfB;>_GLj(qAxi-Kc~&2Mau{yVM$k)<1{C#{w(Do$<}1Y!MXg0UP%hu z?-T-HZ{DW0@+oi*>McEpH7sG^JfIVQ2co-4`Mg*9)~qyCE27Zw34IQqmJRu+&+Vj* zvP!NiR;KDID4nH8E8>}69-4~9O;3MmM@>61jnHpXyQMhWS@ElUVjn9pax8On2l-H- zS>}g&%==6vz;V4+^qPGSvd8;`U{l2*@)Rj*D^=5D&6m-w_)LRYGPtnwV~#K}Wy;=) znow@FGCF5WgX57F1i?^t30+0u!`#jOpr*9&<=I?HSHX!UzNTMs!e$IsM+D3tof2Er zbsHLzWl7krj*7RRt4293!)u<3LCUn-@{WWf9deCsEvfZhHFhr9=XW$*ubAG?qDuOb=^tyZqrFs^*trJZeJcFirwgpHw|beQ{D z3GejlKk?cuUMoT#9DhjqC~VudtuP%{^VIF;@QBhUc2KdAvKUCUps}dkFM`qI6EVp8 zQh{!5iI4zzaKA=pv4E4$4a5c>VabFhIj_QF#lo&4`rHsQ;WrUxF%F|oDI1E6$*TC| zYHy_tPrIi(96m5=d6QpJABD9Y`C8BA(P+P8o0%Gvs#?9UAQ-SRC4UgnlTbC0Wi=8s zG(Gc#vJ}fX_sOneKG^^+?j1E0zfs_%Xr#HckmkdnWc-w1{n?1Dm!_+EP`l*uRn^~% z)#h&~(ie5dCPRo6@7$CZ)oL4ivvOtf{0<|||3}#FJsF9BIo--r{-U7nl{sp43;6b_ z-j9GYem31eB@S?%b9 zb+3M$)>^#ZV3nx2Tg>Ww6JdM8d?bIG$Mvz@nw2umvoB{%XT(xJL?%oF$?DTmD$6t z!!{f6Oj5nYXlK<5eV3wyJL6Ujj$&{S;wNd{WwdY6s^`~g4gR|Gk%)_tA35<@9E0Z& zPDp{KWPbU5r$QWAGfRJ-zZ)TaD}Kfy%!uVb za5Q1VAazK4KhwSr==;lO!ef0#3XfPQb(z9LE1w*ciupqA1bcnBH{4sj?5`qz0%h=_ z_WA*{8=S}j(M6VqwaGRgRI%F8d-Qwyd*FovE4$k}W*x8}%lW_eYh-L3muZI`<2QQz z%tcDTLIHlI#(l=UGW)3{c>qB|`YK(RgE*g?`JE+|;uD5$@?xlrpNc~~kLaB>p%JkZ7`AKWC(KR2A57o?Icu|n`cwB^Uv56ff7>PqB z`TWKwc0Ms9%|YjtJo*MND1v0j{dk=^3NpVA(IU*$AU;A*fv`bYI5+9&Z*LEczYmUc zowRT~w=@sNZXBly?BL^>?_LNXINoIPK5pmXL>hamO7&j%y)gX?4|6mf2YONuZNd&| z!YaGh5u>g}2TX4hPK1*q2p%c*oS0b8(Jx2U@mxV`^Yf(@(rE)E`;g&h{K!~`Fjb9$ zw-+yXaN9}Mmw7lW%0B^UDxTSgcRF6G<1=Z_1!epy-GF|av;*keccdN6%y<7B%`p-_P z;XZhADVtO%=%x0|WxTsnj3GRC-7Y46N;H^C{xGRV0frH&ZwE~jEEVwaZzEL(8yw4N z_>i=bbWfqFfwvN}1cgG=tz?)b7QJd>?Uh6!o$2e=jX_!dmhq~}@jTrZ>f3Dp(w&$T zs|#YU>5wes_?4Ok9H{%!mnEh|Yf=iC6pI^QLPsMP6Jfac$uYwK0@irg8V|)?!Mi^) zhvMC-qh2LU{j5y1y%ch%l%*sK{xx#$V$HO$=>Zv%{NB9G9Y(D<$IdmrO6|iI)HY<& zKdAO+B};-_Ue>*!6OniTkQB{MS%1VCGX;u<^GNv1NpQm8Huk?)NdqXx>YET67D!kP zaslta&vzO2WF3H^*G0r8Rf-8*11kr7!-=MVSyNck{ z9uh+npWt5Dl!g1}i17%=(FfvA$_qXeP4|U$7lie zemX2sRp#*!nrdJ+2tFv)L*!X+gWejZ$>5?QI)^Cg;fJiDyC5cE?j*Zdx))UNzpC5b zH&1=0oU;1*xcnt_4RZlen9IF9lKJi#z+kFKjU6o>6S7~F?=F*4GDRz5e2_~8l5F%( z*}X#AC_3H`hjohOY~LvFy3*hn$JJU1c%;DyH-y+LhYr$pSAXWaynqLaN!B|6<0}l1yVu^=$z8p}3|_g@)%x}ytbsLR zhhF;gtA7&=0Ojz{tQ<%}y@)@#PxJi$J(*Co)*xs+6(m~UM*dIQ0a)NHIndVhuT1~H z-ig1FFY+(y;2J{k4v@wFgI@qh1E54I!|;DaYfPQ=Y-LISe8kD;|6(Wx!5I*s;|pLO z{^Cl2r~l;+Os#VIU(|^_wE6RCEcp*d0;G8o$Fny@-~Jcs<=hGR@Q-Dm&>{`mRq6ke zQ~_2><&JOEpplpI07HotJp=+V8}rzkic`**<6n5XTPLCGX5@~)fZJUx={_k!h5n~L zC6cpE`aISrV~7jjv25TPaOaBMjJu{|blw$pEtcj!dz%15H6-zDuZiE6 zWd@yEeZ1D_wzB-}Lp~+ZWpYO0{~K@j`!^$R97YGqtOxlP5ed@MXJ6G<`W$RyT8D;* zhlhqDv(G%|zls>C_TF1paYc79!_Ry>ymx2&aBpM%JVeBzJ9P};_kBpdbzDP?tmECS ztrxmxfohap^L50T%~lLjyYt@2@NlAEpBpPslro*Jb(#uUJV#=Va2SoHL=)=LOx6YQ zv=6%Dd8|{1?8a;FEJS}RVb7YuHwI6iuK|i#A}*b0X;wd8##aJurPU|JwdwO$j>8Xt zI#2qiHD zUa{TxQy7<2lIlcFsvSO+qvEPxNH(sOuFRxwM0k=ILPcgq#sGpjRbnCa+Lf+k5vnee z=rGi3N(F`Y(gcB1&+nBl%<{Y3LyJfn&rC(+n+`Ej6SyWE@> zv0#DuIy3Z(SR-ORLkwFz0|B={Cvgi2nQzwOmygDTRA@m)N_ZUEwCV)fim(T0k-pq^OwjnJ|{d zRqn640HZ)+B{lb7&Jb^Lf`MjY*J)r%y5qUbbf8?6bo8b1VvVgxO;~mp{hl7$RXUZt2t7H8)J2*@V<&yM&Sp=ePH+ zqMEx{!4;TrhehfMCQYaDK)Cvm<}Hidr6nWrfG`T>p{E(^9dq9t-f9`NCJ{)Gr3*cl zzQ;M{X4cm25)~D_%bSXf1tHeCUDdl^f5>y)=aA4emRS0=!MkaLwd^nDugFvr)f z+aID=fx*6+)cEc{L$+cBbv5C8-b|}#jII|WB09JwRM{@u;ScsDPepg0CxR? z&mf~Y0 zb|1qsq}}&=j;>gpYn|j`{goLCxHuCUEx$1hynTQd=?Xxvz|? zRwA1P{O5HQeK1P><{xksb_EfM_W(-~r9zZMJ2}*7E#}4{rDh-Xb!@%PVm}Pj@XMMa z8u&VzZ z_%MM=&Z9^rbfebMCNtY#x5xCuCc@v@Pa;A)^;YR1=_2=X!V2eLfia{#sX~f41zX@C z_1m(y+s)fDt*x<_EawbGHIB)Y70+rddNp(7-@s&~KJKsm(f<7s!(lz)+7IQeKxXUg zg89BLmZ?3;6&60zl=#X#x*(W~r&p`-Xis$SSFPyj!cY1ouU&M5CvM&Bn%XW3hpegeyq`CCU4D%8UeaXqM z{SP2YtQYN`}|I@`2}wEeY%EmNDW>PXbCnjvrG=t!1?w|;=-Q)0~ZYW4`k z5_`&~5IS9^w<^j-VEzckG{QC%$Y?i2q3J)r$S(c4U%5LgZsz*${kl=)l-!lro1n%R z>2J?u>gIH*K)x8O=FNTkwB9lG+I9K@1DAnfp5Ia;;mxkwTaINBzw;mvCS&}zq)~`n zZmg!hr&Xp!C=Yr(r|9-(m`v}~w=NBA+&q$kr=<&7n7G0x5so>$u!rp}PD`lA8J#)f5#JedbmUZxc{%@a@@JN@g+qPRgq0&6D_Jj}zu)VLG0N;5wp;<~9Ie0?C(fGt%fcWMC2+luf(t7)_SX z*e9SV6p?sKmm;cp^E*Y7bD9lJpontxd)~5(U-}a}V#iDOWT1BK!Gw*OZe!XpAa+=Nd%-!<7HrSE9AVl^}4t%jU+#;jGCB>7Bui-PnDyqD*g| zXQOc9r9(e`@M8&9gxBXyf7;m4FR>$fP^l6+t|FPMp5`+1hK4W`V`Wl~QP1*uu^)F9 zrzh_VPh7?P?1Lr6=0Rm`81WHE|7}SyXpQgwX5+x7PUTcX!oA5eZQUCJ9af%T|DTL6 zN9gTCmJ4Rqc;$Seuxe5te5TrBxR+bIb7o*EVamagMj1ct0iSfp)NQ9UL8&68_yPsm z@7zuRnlIW~B!AhPtSsFH2X{*)1g`R)85tR&;WJ>)dd}+V>bgl&G3R}#?^i$9{SD~4 zDaqc7`wlZ^23NQM{X}9l_ud(=v0r7j+PlI$4q&m_<^v!u;aHRR7-xaTJ($F(_cMA*j1w%!Y*f0K_`&-ty@!dAc@wN7>RKv0}na0N< zjpH>yJA@y{=0i#0FPZk1YaV2a`~d{5j_54_Iv%PYVmrvh=U~Mh>a~7OOdZL-cS+*G zaHE70YapK)AK$k4HB@4;Re~dM<_A8=ZAZb$l#+?pEE^{Ys|U+NVR~=O z?~~n5hd99pccJH&m-^@YCP?KO0xdnF5y&{ht7p21hZ{I|LMu}pXk4Ug9_a@s4A$3~ zd@5n0P-^ohrA(Ck{IljbC+IRWn9?M*PyPto_uO3A=Q~xQ7oPXM==hEAn`GqZ1a$p@ zIzyn;&Xyv_ZK*B7jxzJWQkIcd1mv24Nz=}??Oz#b+{?&Eu3oCx%E1_A^A$F_gX>VQ z+`XNPoqyonuO9bHk(-+jkrrA5JqItVcjHwOo_ikNo6J;<>u4Y$-n#FhjmCBR5yImN z4jZ~*rZjp1IDvBcmtsH0s!?O>ms$?wE5WlaT^QTqA~ z)yIzRI&j`1aQbc9?Z!f$zu_~eWacz88#KnnPT!+pCe7+rn5tTv9_k!NGm2#=89?e1 zE~7gqRV)%sfr$cDBrON?9hW$=tSv0$>yb_$9c)#0?Lq*VkLLQ$?IF{Sn?b(O_Qz%R z_VFJV^W&V+^7&>Himv6JKF^}VBqv?9-^xCo5y-n8s;a-}WsjcTTaDu~DL zk87&;=1C4XELn}Iru1cy-nr921k+pT!d<8B$%J40;tf!Je?AwMh1cfOLj9Q$nso}}PZ#H-+!Nul{5EQvSi zA~KziF6YcS4u$w_Y!0VJjg?UOCsE`bdJ3Tgkrj1bq-6tRyO$~hM}z~}=8vs~!Ku#o zZCw;A-_p75yep~lvsbsuP+mAr!r=HwS3Rl$RY0aRuv5QN$JUm1*qYW7w1(M8KscL3 zzw_H_juf3WW6PyTc?1$qr%XB5Y_-*8B9dehwr%4ymTu|M0JJ~6((OU*2!8b4!+P!t zSw4S5T%|l-h1`gaFl*eM-|Hw1u=#Qmo~pI@F|JW8OAdSA`Fh?|fDHQLP=HC0@V$lG zQk5u1Y^k_O0PG`Ys$tz$e*|uj9rVgh2e&^9sJ`Ra95*+;05?W$wvFugIS>(d=tz|M z$r_649zKXN609cgbX5i#>`Yu{Zw>#teB@X`2fD%8;Ysn5f4OKpU+g}w3hk-XDY;uN zeuUKniAymYLxXxBob9>RM8i%ahK^v0BPS@XCnz^tVQdt~ua`v;8%6KCmbYWFOrl?w zT}BECDIkk(0?joT8#~?Mu}^k`?U?&HV?05x1M5DwQ^`RudIDV!RfTmMb2F&5ASv0j z!=E+$M)fmsCq}rR6!F^Qd5OUXd7&~*VKWaqhv3|j_VKQXCj)tE@sHX^2rXFg=Qa)O zI%B&0G?W-#9?ibbV(&`O+s+?L=clY7nk}h7S40ohQ1|Ts`c!-3! zirtHlkAqPLBfyWtK5|N8iIY>@s7qz_Tah-vKNyL)hWK*w;|~%6pfj!SwA=HW#!0Ww z$-i|Oj}ePGX%eFXUQJWu-NAsxS2|6#0S?XY6Of)6qI?ZKf%g^%+9ovWb8R#>oSRmc zuOZ~kudgQDv$%C_uoh@m1X??z^MP)dimV%SV)2hIqiqxL2YlcpQ=U7O3GcclflkbQ zASYG{AY6-Y;oftL2YLx5y?37lodNn3-$|W|GuU~q_W5>DYo$n)4(ok>9=@!;W{t$j zzRK%}3`@T&irl@j(^uMKa`M)K7e-Y^0&V?wu%y6f2G!0A4fabPhpVZMgP+}t?!)GM>0MqZY&PHyhFeo@x7W?s()(MTVmTQM?aWrk%u zcm=QofPcNUUA_UdUba0x=^W*_J@2k#oEK#-J)0bU*IBU~Tx_dzNk3HA<(r1DE`;8^ zOtM6E5jWxtw3sgdnfrCG5nV&Wn8{<$0t!UE+@ZF)ni^Wn36c;_9vz%yT?Z-z4}j>1iDbKHVbpV= z?qGbFpd6cQ0;8iwELG7kMTBQ&I^MNIGxhN?G5S$_^KLyh--3TN>>B5MHa2!}wfK`K zMeQ`U7Kc& zP1QB&8v>!`ZKV^A{f>A4=8sRMOTjj}3^KimZ4R-0l0`PsPnzZuT)0Sm*ikH4o5onDGjs&ojD(7}Ynw{q@yf9{X>$YpPKj=@ekm-Wv<( zV{8>@C!=)<14EZNUvd;D+~0RP@r4wF~w zC)D-g#NophY|otnBvYu`^ul|mUf>GyQ|kvJ>OF!kEzM9;w#6t8CqWG5$Cth>O#uf?L;g}b4`@}j;lq1Z% zbl$b!cSx4(A3A1hC(}q-zT%M`%IE#@xlhT-O8l%CwEKgfmvH|y4o)#+bfy#iLXbN- z-F5v^*i)-sN?9MancM9vWkCSQOjdYyY^iqlGV|O?Zfchy_OFh1@b0MJ0hETtUGLL;qNV}X6VslC_fdV#qPX3Ds(ZW{eXg%UL6L??6Jb!rk__*TZ;R^op{D{3NB<9^)UK_~< zKiATXx&#x%0hnW>*Sg1-CB5h+hf@Rtv0Gv%lI5&m-u{-|G`H_p9Df|`#)%h*}p_dyUsj*F)GbL0PECTc16$1!d>8gMo!4%o^yRoek&AhhMC*8 z_gQRho!u&C%dKvqyW8V~RZ1|bb0$fe%rC8lZR;(N4CxNe$?MCK=?~HivR~gX~ou;cQEy)r``8D|bh( z1^%6ULEF~xgOFj-=$R#8N=|lLNwe_Uo15uK&@ZrFKZ2QXdvFm$*uHQxI;V6{Hv*fv z`bJ_%6|MAkB-QtF-z9cQ#i3J9d4>HosaM`)YNSj}g~C>HGZ>0)Dm#RklaRC%E$f|t zw*Zy47MP^xd-(MPDK|m^p{aSaO$GvJ{(Jp)rv628B)u9zhilW*w@_(Ix`!3%hi5q3 zB^JgkfIn|sJ5(Y}fwi}C-%u5bdP$IAk`1ikSlXoocCncbV9ShGnOF-j`k^G+5W_CX9XMC%K=ux?2cnU&+n8nTM6xc*IJH)ATJFZfCPX5r?$btl(tuF zVop72nPE=pH&q8yv736TkgJoYUnBWw*mW>l8df7{1&BZSonW&)P!8a?ebRii& zK)ocKaj{uT4vF2yaG9;DR!I$vxY-1S$ZKq!=RO3f1BKiPSe%%tQau>xmwo{xqIF*c z<1Y1AdDFYjbd?l`DGN!P8`aT)pP>~Z4pqYihHwaEhi@u05$xjJ5^S4zB>XWz4AVUw zxAT%}A=2}4$(DZ`7!i3@Iz95UT`H`hX0Z`HPa~14%TDWT3K07~uGdj&qH5-0+eGtH ztP>L_S;6^n#;ddR8jnX1a=OVe_sti9Z61(h7w^XjDy{ABx$ab#QRm_1CwQbNnxA^!R zVnm9OV~MSqnyR#OH;5McmZh`E4rv0Gh(iJGnZsvZWr4|yva*u413v7m8e8qf;`cZ< z;nac={RTr$$f8(_yc`0iqGBik>)LCH;b2ki%k#3NJlih(iAMT3mAN{}TxHOA8Dimo z<6;b8Y>>cHQ+!QvZOf9JN%D{nZ$T0NKmE|aP7V1t2lWiS`Im;>BPKaEmD*Lex%bl3 zj$Xg3;){@84)=6fe^OpnIhDd=o)>1;W3<|6HTw1$@Mynaq5k^RS4CN029R?!*Q#RC zJuN$53nB*s;0OxTFk+6K>RcOk6ROVvBdO1b>uR)Sy8@9JxWt=;LJp!=DFXm|oNH zc!^>jxn?xzLk3L#5-_5lzc=z@g&X@>lD7>hFxJ$dZB4gS2t{MI+CqXJbszMe03e zinzjgl7;0Pu0tUp!l*uF4jrtV($=xba2_rBGCTMxV$2H|S1wzwjCHpZVgd%c8u}%Gj)TG-h zyuHu;LIE%MeYB$$SGLp4;=21(+Tbl$qBI=*I7>+8-`GgD)7;z`WG&g=;>6X9mExG4 z)7vfAQ7#qVBF~JwrQJ95-7rAXX6H=4EAvm$=|{8@OtNntbJEIcxe*TYR%oMK^?q04 z3|_ar1C|W%7GV$MdZW8>ETaU;#IvrB* z{0BHlSTXw6ru$*$Kxwoxv17uq-c1xk_MF-HU;|R@m?DCwK}b#diz*b;f|AZ?s0LWVgqf@{A#&_Vr`xTPS<|-z2h9EWM^lqoBkUcQllBs#yAbF z1YiCJPnAKz(1~k(?gYzX*U^u=CJ(@w9{OQ`YSX;cF|@HESt4S7=Gm$-+rrYM9X7<; zeE8@{0wfLjb6im|DgFRt*cTvqL)p$X9`7Knke!9^vQ>cJJ}C`XMCDCR1W>>3h(V0h z1$P(Tp8zcLFjyqpFnS~Ns;$(3l-8X{Kc>;(#?6#25{4gOLDo%GpGzF|eGLubPyuH~2dzjG zTRU3R%YNziqdMm=wke16Yo$k1F@ZUit_4>VX$(8jx~P{c1}V z`0O+0cC%R`R^!$_(aY0}^&g?al+GWA(xfbkWQ6>d{B$B=Ms_BrX~lNff$N{8dru>f zB@^%1OtrsZmCxy^m&sL}IjQdBDb!f@7s}&jd~tMETR6JR4uI?nutkGjvTPdv2hutl zo_R@MuKNiemRoSjj13YwZASX)dV5kT4D;Zn0af+$m1pGhmoNka$zBh8Z1KE1A0P4p zT5H9I6Pj&!)@-$g*36e5-oDkj3l7nI;ChYZpt7^{@W=aYRR@N+hq~h!U$iGVKjk6> zj0>7BE+<3dy@*iF)+cj`cL64>OuE|tu^$l4KbGE1NZU6UOacF9wPNZ}4m z54|5lJNOFy2cL#)iP%!v83B}QAv&?r4R$|IALc!vxgAC7xwcX?e@>wxII+<*7~;{` zqQxDOLkB+#+NS@rZ^RbBm1Oas!kKs{80d)ylUqc5?G(GCEGe@`g89XtbOahkmCEV)5L9>F*B2Nrd405ZE|vOBy;nw>xZP8#`6o_V(c8jev?AoqE3p(WIU zQQ^jI;me{KA)ju)VeX5$oyeqdIen}8Xxa0mTiI1-&t*?@$Vb-WnwIoVwWhm{`)S5= zobQilb(snZfY}vqF2*s(BQWr9!8#q{9Pn2TLIOOWpJD`_X#-7x=X0fCSPC!yWf@+! z{Q)0GrKUwpM8tP5wV^QZt8iG`;%I57bCLVhb93YT8DRD2@rFToEL%>C5jzdL}$t5mC@cfiZe?2@nRUhi=$-8eL%~2Yz0ArwJ#;;f1lk zsl#!3YF~)`ZhEGQ<+F;`+1?y-l%jm>N4fa(T5-V{O#Ztdv=}g>Z-(AAa4D@Fs8ToaBnUGU|!Z)Vyug)rw!=m*!`Ni3<wR+@stmhW=Sy~yA*ljpuR}QOs_1i7ZungD^U_R|xaZ}|=KH5(cW}dZ% zUg~-Kjj<|om32{b`;EvPf4EChhVrH{L`T$Z0-|iQJ=pdVzxVZ>-lq_0_;!H-JMLnfFl`Z2ky_(Q#bx_`Zv12Ybj835> zpmND4iOcYS%UGQ9X+l|b;pjr%z&Y${K=g!M>3iD`hojzK^9cF&(fUr;BTV8R|5m;& z1eyJqWLvBCt*L)pgErId9zTY}+?)5%7~v$g{UN_nSj~w5J0UN5eAu($zCF0~vgMnv z)fXeB!l_bg6Nj`V7O;x$Zzkyw^Dp$jod*=)L`;s|m4LebwUs_M_Ns_J7kICpEPxz) zhq9{Ox>1(Eev=tEfG;iq*Np@f=#vBP=Os5KCkS|xs7m2arxQkvJ>Bs)lG(P5yB)*H zlj^_gD(-WRsQx>@1n4x?$a}Ruu1n*#vgXOEf7R^}z;!TIJ`BO1;v>niF`T?-E^9Xu zcw>^_Z+Kc)w}-EjIwlFi@Xex62~__gggxEEs-ODnVa^=;Hu?W&f7jF-i0814p91szi*0Oiab5Jbvo;Ba6)r>T;hM48Dos>mOb=xd-UXX zjE#8Z3B9Lz(l|hd*hoVCBOm5yqRgL<)Tk;?Z1N;l_8=~oBS?5?^Vr#;Z9_-Ufdp#W z_MJbEgfy;$G;VM47*G$b zr+SP0qIT5Ae%!9zUT2ept8Qt<%P|0Sdb4N|+%cZ9bleXPYaE;_5t#3rsi&J5kWbK= zbc6B2AO5u_b~E*4eqVhq8CSjQkn%${3{$?T?C*HOZj|Hy@#1NW&_cs91OLr)(6)~$@XvXx4jM%pU9SVwLd}P=UGCY zA6!D{bfH!XiYgO_y32Cy9TKg(jXIaPV?NO$LiEQeo)mlf9X{y^#>Dp`?+Ysq-mzre zQytMKe9h~GiEBr6vj1c&4K*>;nf;->alPj{awHhPEnZbqbP|xmI%z_NjY(l>*mxI4 zgGJ3deEg=T)y&7W|vXb z=G9Y#P`PlUV|4{jp$E36d1ZLq+QmBzP^Fh48CL$z2*tZ@_T|Y4s@oKI{ExeL)=9tb z;@vOoi{&YuI^px|71CETy9lC-Ut<%3ObNET)iPSui@aj~1x$%0fJLRx2RTa3MAZ@b z?jfP>X#JDO6TO_tnsoWrkL&hmu~UT%^jAmxxUNu5S5;rPo9$L&xlQGx*;`{}{b4vW zjg{y#m4uwEJR5{B%q~@mUmIU-yytLi&O=B9bMwo(c0K$Vz*}?? z3sZltBcNV6M{YIAVVCC_@LZ{@KYlM`a6ZkiZOs44LH@<@9kFDjdlGxOmYyk?4#90e zG3D`%lL9NFUM_+?alKjldU!f*i?ABIZdjrdm6hk0)Va!9R^r*|Bp_s=(VO0SBU-J{ zzm5IW_xSK!F>n%`>w==Lct#elzb0INDs88Y$K;if5{4c1WrMjhejN~7orx&C`V@<1 zu$IMT1l|+r6YbSU?r?5b*NpsYtM^-+rmsv}YHfa+Z(>!RaV1hLxlK|{q$^LWh`2Z2 zQu^%R(NugH%9=BZi5jAFeO3XX{}5GN{Vr=+C~BDQu`n)BVaPgF>yydhx&S(4ii&(Oq zgvMJ#`!c{s-Z|U0X``2yqs5OhZZJJ^=_2gfC(Q(L*WS!Kpy3lsZL#v?E;gUJe3%*U zI6f;GDSNsiBW-HQfsuAfESsPU>1>)RpJmjJJ*?2IgT0%~VA6&jCE$O4=1q-kEmE(^ zH0xe=$${q8Ef!bf7vMG=8n*}TL)e_)0=HAkBQK5l2VR_?P^drQ*T{z{TU9i+bol4*w}8arq?{Rz+>JT$JUh3JqNq` z$qe4Gt1a2g(D279UGjmMT}%fKw)~w{htuZeN6TT!{PrNpOBbo!QW^e%FtOj2Xy z{oRzP+urZuBKPv`(MvSrH%ZkGjWwvS8}F30#}LM@K5NU*j!_Y|JR~|6R}i!0=BG9h zu_I+#W)A0Cm%h!L62`+tN18pBR5LxW?-}z9CCYPO_g0)8_kIdR?Y0>n0f|ipf;$e& zkQjHxlQl+lbBg@%;)0RwO6E&cw_f-~Y+A&$iQhDS4Md^(I|-)*+omhRl`%e3#oof9s#hps|p9L(hTou;HeF zmOW@ELTdL4zul&Q`mQT~vOR`-S3b+{2X~Q?|9P_xbyx{|!p2W$Q62pC1Keh3xgVuQ zwtvxvw7oo^2qiY7JTuQp7#{iE@SqcOfJjGX& zz1f9>eYDugRFLo9P74JusBxfoxB2zqu4P9E;Jkjj_;7*qVFpN}Q?KJ3B4Hnq`lE|j z$CBdXPK%`?WQ^S9e+H{FdU3O3vR?9tX18v8{Z_B17SAEU?ZVU8jy>F7`bylt0@md3 zuoJpkI^lCT=^G2V549q+_wCe;>`TJR{}mJvvvDUsj$~`WC(a&6ykPUM=1r4!znodT zaLm8R0rBq?vl(5@R4WpO`C)=6D_vKc3Xvr-_@@X@=Cu4~BTv%X=YMv*N_PGHWKI{6 zTXNFbl6jx>&x=wBA#LiL7LcckP)DW>F_zO%q3wSy6Sw)J@BsLDUze!ub$by@9_1G*~wRNQmld`QxG@fx5j_fQ$`S*iR0#m=`7i{$I~B3-3VfDhYIgZd1={Lh`AR*q4Axq? zHQ~LU(B?kjsW`~m*P`h*a!v$|zUzHM3%{G)P93kMVGVAr?DIv>xs>hKB=+H=RtG{^ z5s z!{7G5)5Sg+O7U5!f7OUJK`p*zuOLgq(u|Fg)|FZy#cFr!UlB)wboA!65z;mmqH^PF z9itnKG#x)k)&TGFTXlJPd9A&HWY{+oA$YF5O2GFdQEMgG3pEGhEqa-7^|)Ue1x*b@ zjSQgB$(UGiJtJ{5(}s@&7dpi*LQ?Sq2PprDyu&&~&-Z8-j4uI5R?5>(r?$if# zYP&}7eg4JX0Ubh22WF@;{V7Km8drk*8Ngud;>$VMWsfNwFXjrZvWBS{b`(ed*6u4n zf_dBkbrf6+;-&{{lBz46LXYh1fGb9Ku?98J+$3`3`&Di|k=mSMj>AML&@Fma>xRO& zIDYSGx5M{%E_{j@H{qLta#6&V-!pe;Gr{zPBoSxH*n5vZVJMhCyX~4 zb{to!tXGj?YJewKMbJNg?U;KbYm>YG$zGNEcx273Y40v4K6 zRm!l!(L=4&h{{Cqn2SX9m`!f@!`T)-h<*NnEnT?$)B$O#$Ph{uCN4(J=KLj3(&bzK zp<1gM{Emo+NEmucHCr;x*4KQbL$%MbFDyuLTZjznx&~Hz!QD{Uokk<&DMN+jDQcmw z>FpgVGwT$@7!*XTT9rbX5VjmQHHz2YEb_)_N&Q^dvR&;2Ec~UC>Typ_f=xq~L|*o0 zwq7xz_b0>3ftP#GYt@4M3I0LhjBqo(rXyPc%h00c)~E_?lw)qN{Rop7GOQlObs3#_ zs)-`7x>ng~4;~k1ykV)71)RohW%?VSTgaOrWfI>e!y-KjEZp^z;|jBs$37kVd)p~U z>Nn*3sdB4zlft@`@`-TZD8_3>=8Ge)_mT7zw+V>DMMu6DyT_`*!n(`dxU8&4A7ii*V?hrjR*X?L^}h_@%1MBRswyi8fvgHSIDX)i*oi|wpv5{<(Q z3RYpVRcwc1sx|?i`^whBp)onPR|wO)7GBD*O2Z#H<4b_6slOCt+M0EJ#Xi2=`qSr~ z`m{@TZc$@pP)oB?ps_dO^Yh^$>ple#jffU1 zP5=^-ykMKkY(A@&0W*2;@8NnYQ7n*k_CzyhsI}JM2P=Ug_ons))&Z40tI2uk7SUgu z{Q)}_kFosa9*3}wEA*ddbH=rOkL@`v5oC!rVS2gSk*ebz#`*iNq!Q9$mSEJn5;818 z2RGXk>#G)QI~x4;@b$lW#t-uuCkq2A&5omv*F`l)BJ&fj4t|WK)r=n2rS5rDIxOQg zvNxpagLKuXh-l^0hFO~28f(YSEXi0lDwUZXv0eLboZAjQXZ*W>PpsbANx25nX#1^s ztSFX|?9At>a8m$92QP$U_$A9rTJRlYv^N^ z5d}SmS}Tu=Z5JRH_;reUrk)>V3{D@&n1HIqVhvV_mELcC()i&p-!>U&=OC&h*$rtma7 z^LA-)6(BW{idmcE_(#+s&osBm-tE2!CU4cl%rhu(7QgCE8VgTx7Ka+GwpbdmtS$xV zDxagH#Mbu~Jts&EA7~6x=QeJk&x(*YmDDB6vKVPm6bnTQG{A-038pe`C__w0Y>N#t z!?3{$*6Y);q^c&t=DF#qLGRs+%SSjY<&-t|cjx~0tQ#EHdXA>2r4&-^J8BiCt(N@N zftY%g8DT1Mx0y@U-F~3CN>TM*@s5+LT<afI1ykpbQbx^mw(;3lJ@QB7!>$^w=lB}PSetjWse(-u5AmLrLvL~4JD!i< z&Y5Lf=52tRyq_9wE{{?5P`VWRC9Xv=_Eguz_Nth#FCAhFsvB+I&Ik2%?Y#@Cn(a?J zx$)Mg_qq6i!j-BXCwe!nUqRg&$bj=l`7AG)MlY>IQFxRuXDCqd$7%)3&*|( zY8Khy(^#5@4o5We`7Ji&%MEK|tx)M%af2mFTS7U&_Lf)Lv}o5%+v{M(vdhfZ_Ib+A zKtX}KB|<*yVGUwx7@RZvsBS4A>u4>!&PZaXgyb*MTnbZ~#o#SEa#g*}R|c*k@HWS# zkBXoGI0q0*bpu=_Bv{qYzPY)ItMRe0iY_?TtG%F|gQ^(g zY=mD#v8%$E*|kn=N8V{G|I&5T`;yYdzJsOD))2S$tk~^vHxBLKbR_WY_CM@dntw^= zxrOu(nT$c^ot3?l$0CFRT{}?Sw;LzVgH;PN5;!^B$*`ppROvSytn|C0C{2{bvm7$8 zx#MPIg;_pdm+(LqjszjV`QJ_V^o`X+?mpmOO6S))Q5G96(M4?MIHkYNe{5;3 z`Y$an6-VfruUtXuwseDw#{)+=e)|ld7>YyQNa;%Fvp}Al0h<*a@Ib=z`8%I*`bImc z>NyJ11HDGuyoBz7vAIr?#l?fgc4rtpE6eh$UU!kc{R4$DzSe6yfE5f-6`D5xQ)vax z{P;2)()0H!=NjO7vtIWLiALexrk`L6H&b%N@Z3xtT zpH6+=M5t(mArRk$2{LWFaq+iDhqR>pJ0@MI$V~Bi zjC@J*Z^)FWz~wi>c=-=6{W4u-r|uT*A0S!ZIh+ZI_kY0g-$?fF^}{d4Y4!hseiy_6 zfb4S({ht8%KTtf8a>&0$ssDoCrLpE${(UK$8ROtT@%-63{}FXKKxs|C!{|RH`W1Kn zJE7$vzi{sQx{u3ZraSj#g9*Zq6c9VnOGB@@1WP|<&-r9`m01db>TAmgsAw#@dh>0r zWViHQQr6v7a~wJQOqA<fZSt6oqfFlE%2G{;aAH2L?B zBEfrm>yveU#|I-tmi`NNc6Q^nzGFkFGQOiai9tXnQRTjVa3?v|*kx|RW#wh%*A7dx za8dD1qbl=rk{@9CY!?rO@hJ7P76-A*>ZoYyOJe#M)#HI29rGIaRKtbI^djMiPN@_G z>l3kf!itvL)wK9;GyOKl`kfnd^Z*90C#pF;IlSa|B|1_J3^q$IEGgmit>o!@{sm64 zoD;GlOIYs9#WTm-6k_bV--7Rl4c89^ohvd&n_ssG)I3|Npx zNt4r8@Q6O_yLtCXvP)iv=H0L>;QaPy%YN!_&-6{QaB>VRhpm9)gSQvkW~<}p!k^%s z^zhz4zA6gyOn-I1p##2i;tMlo99Pf4IAvoXlD$ z^(>*~zN(%T3+|qdm$~W>F)b|lXsHE%XEqIL0Bj*wuJFvE&xYOzWsc+2Bf}&*m5kG; zDHr8-+MiVy>hIaXV1#P#xsHS|27!awLPOu30buh9?fe~>aM8!VX)pI)YkE@042FV( z6)ZHyAckYwMdKYWf>dFvC76wc3)1iDz@AXzngKpNduP3(+!{8|vNHpGaZN2*Vs>lI zeqW%3Q7Ki*)#Ra`)pGn&b|*%(?o&>0i}u)HZaS2;W=uDCPfQ0#VXRR>YbH8t;}i*| z8cke0_$QaN&cg#TbC!$7k z!`U)jbD-q5Zk`?Xwon%Tza(=HW`|o!-+gTq#kLld%4vLLCUw#&zT20!ILmZ)MqXYQ z+|ZeZeGETeW{;Eb-27|@Fz(8uUn2FI%0`aT4fc_ruT1N0L1)m9c!A@@9v{&Mu1PQY z2iwdz#>Aoy-c2VLD3!fATw&G@7S+08pVeP-H;i}Dw?yyPkvMPJmGs^NRq3)ARs6`H z&d)&ivx?Q4qxl7rurm`1{sEYfo}S+95M$({%30AiE~O9wbp6SLvs2JmSX9IzUM4in z{07(-B@W9?0jUzgvsTk0uN?rY<*ygER7 z=W(!Yot0PNwwf3Y@zw~z7tRT7x|nvYgYS?50f>mQDRlDOqLrzsX-aA<2T0%_R?Z@3 zpCs-)*PE_9ly6Ywxn)5RZP6NH?OR?MDT)&?LKe2XV>eg!$F6=~s?=PzCGQ|X6X23Y z3@ny$Y=OJ*m3WA4QJ}BTW*Flr*Rvh_A3nVY@w0iQ_b26fd94M+!YZk5WaUg+dx!qg zd6p@p)_ES`vd}Rn#XhT|AM<4%lWK%O86??ZK7=6)A3ihE({7A!{**SF%WS53X!f(z zOWH=pV%$tZ^T0kIjXGU6gje{!UFsZB{_Xc>(XWaVj>=?RPAJ5m>I9n`SgSl;-!dtY z8^a(6B3ZG5IU}D_4D%*z)Q19RoxV7|&FusNEMR-*MkgkaKXc;SL@c|$Jx<$7zx?VA zTsPsg0R#PRDeqcC{aV5nVULz9<+p|U>cy;MqAj#2U@k`Td%f}z$@c};fA8oudg7Z$ zU>~wt&#jDHF|gPzRkHy`olZ|^JKc_qBqDE!Y7|+LJCTc|ceOS(%Q1vz*)}+d_YdQS zMScmO;=VqC8y(%$VMCn;qd%5APQA_&_uQNT;(+~R?JDmr6Q`ulRbNuJT$HQ$cI=-H zEzepoYB^k$$F}h;Vl1#EzwDT}tfnT!2JQpF?SO?2Sv9I64F23(r&CVsvZ9RiZEIyycXub`&zOFBLGL;3it@Dnjo+_0Kzj^lCidbh8TR<$nSuV# zr*nvDuwrL1v}?k1p0)LT^z+1D@wJ2HY=QszxDTHk#BaT3uY>KZ>T2M#-J=LpT`eom zVi%Dh=uC|N*$@#gaPX`oWIpERKrL*QN=F36VMa*;sXN3Gh-*K78M? z?EZXx#BV|D-b;;5_5$+#Mc8!^P_~Va zm6qlCRlV&wtGPN*OhFVOEkJ_W18o2H`KkEcvHOrNRR%;Ow)*8u$8feAptLibIdQcC zZeQt08AFC$xc;9MPxsEB)nEVheR!u3NdQnxdB5iGzxnF^=1GLpwh8&NM-Ye3ukA35r*G%!B zkvrTysE?ixQ`LxL3a{9mktd}F$!PaS@@|!j?*NM1;Q&>A)|qSGiG5!6Q*ePx3_h-E zPYiQ)stb#d4{4cmmtL{o76ds%FL+rkOzk)IVA&)$qH_6~-e9Rmb*cgsEhU%jf`P#= zrrAPz4EVh`F5fD2YX9iHjhCd~@Sx0oiD*&vMhUR0$4vRCM48jdQ;{6r_lnE+pEc%OsIc9Bc z?%*I>@|N9S7`xn_#x(_+#toVMdu(zyd*-iQ;&X<$xjT9aBzy1;u1yQYBT(Z~6yr0y z#<^;1?uGE5KZY|S*xbZ2YGo}-h&d=Bpv+cu*7lUgtLBVWi(aIZP2&c!x=dXu+;4S% zOOZ_!MtxQYwMKnjIAbjY{}2}vh#z;E@)(>a^X=6Wst{_C)^lHYmxWFhpV(IF7aS>W zO{(oGdrM`f59|GsO%-ddECy{{4ZLjvOK~;mewQ_S@uFmY-s9ldv8Xbkn~q}M>A^JK zHls_2X|A-BhB(+(@yt~GHQ_=T()TZjrXV%ZsJ077#!pSzt1OmwiR;URBY!FjBn$dK z8rbb(U$Jo^R7OWtG~IWy4guQ0NJ zJOmBH3wLLXMMCks?H1QF^k}4p?Mm>=B51#s=XjH4dBvj#EKW=TS)NU$N-f1=*Bxj{ zVv<-xFlmG_^Sz&s$gp`F3zA=BOl*u2CYNj`tuIbN#0(%QqDr;k??Kg;**>bAphGen z0kz?AeIr-{yzj09E%7IouGvY|Xc2t5xpI{W)_F)aUc7^3sD(Pene{SU_Baa1Wjews zZKsTK)LZefhjP6$*MS|jN~Mv)r5Q{a0gdz;qy{`H*q+)i#CFtNSvS{n|M?+n&;7*- zWAzLTk$Xp?uD|-B#3T>6Kv8Ln@yqBFXsJuI=(t+w^w$n{1r?I-Kp09r~_4HUsRbDAE{K;5Vg?cuwirF6GH<5z3>#7?qU$or>3e#hn z?tU*ss15lZr zwa$u1#zbz?&uA2vnTM;a7ZBHe>2@OwystOj_3Q|hmY+mK46#%2{ipmDc@0VbDMdWvKo=iddhv5xtBV)6u zW}#)OC=~52Rc5grR)y~mCzFtRxKa1sGZ(aoxfnf@XlI$0Y!LZXAXu)3@pG$?f%0K6 z1--t4y+c-6zr{A@q%iByzm4h%B?<$J62kW{YJRM3zjoNf*B~U<6loUs`F#%TPpe5= zqVA9gJx@%AU7{-mG}_nnw&Yb6jk$B}RULD=9Xs1a29(nF3^%UL)+UPIji@e4b7*XM zR8TKT!g^fWi2Z?bqGjH+jqTo@U=TvSzvyFUMx!ujsMm&BtM6V`*J5I=6SSE)QU={s zG1r+vj%{5_*I%GCExr4QBs@Apa&Z~gd?m}|yun*X{fVW)+Grpg`X@-(^BIMX5 z)!sXtS2iNVyajf8#kySh^V?o8jSTh*fTI^$H7a9=`fuvpmwA-446}p9^Q$G_wa-D* zeB$gZ(uS9m96ku9MKl`NtY4~PTd&_|Txh-q<{Rp*T|-|g8evad<=;V$h8qsbf?ZG5 zE6%+&)+kjKwn&ml=IM85dY}w8%NylFegDu{*zQlm=J#1@in+n|>be~h6C!N)&eg-^ zH_M$FK!r}3zl)3ND1L{8J`lg%0l%#gWD4a3xr@AXTw##U52F)k%`BBLybY3l$AI}@ zn}@#XHU>taA5UzL`5NSHWT9*tlWZaZ@H`7r{o< z$xj>5qcqnGig|3G6i1#u`abc@p(i?X^CPZ4jcwp_oEHw)@AOggE|WskLOkt#f%{e~CEDc8bM zpZe=H%b(;r7kRJoOhs&ASDHIZ4I`kicjM<{ziHt;Iyd&|T$CE%$6eN|lGbPEodMyS z+t)5L&8ga9bL2--R`cyOSQgBGGcH@LREOTxmOsMf!6LLtb&Tg*-5i9#Ou3k_Zk4Xu zd$Y>cN3ZXh49CJUmI}idP(C+Yn={J!Iy4(b0fOyBc;&sf`=;AGFt|p~qyX6sn>q<~ zS9N+myyWrfaW%Efcu0Op?dxWkh<_eIw$E_$Z}sOpw3Thv9LFyI(*ADL$Q<^ud+{ij z^(Xr>n2UjtKsJ7(ZePn;%sj_ke28hEt zY<%9J7o|}%5Qw)&f9qfIi7?aZ6Xr_08P(~5#FY%OPUQ*XO`flqQ^WgDL$IOnu+;cao(&_z!~l<7vvxlKIz^d>+H;FhdlT0{ zX(43TusGkm_M2*Vja(u30`VhP_Kw>gZ^^Tnw#7_6_t$b(h8wj=JzQB+2Fx#m0?Qy^ z7?bWdj1w??^u$$G&{D~jvY+X)`5% z>@iMxxIOgqX*&6y%=<9FD`B@|V_&%LJ%a`rwqmgXo?1>hVudl=jD~j(P{`ar-e$wevD|x?f5+}ED0U?o1WGFH1TfyC8v87=(i8sWZ z^%I&oO@*Q-bM$H**X|{gK6iMz6&8hkJ%a z9MCPweqe=@3mkwL-(Ul8ad2$`fH^+fd!cvPaCBPr)s=S90{g zX3oI_d>}FY{+F%7m5lcwNKrZ3gmVoW#k!G7?gjC6KgKa2Cd^9qF`PcK)g=J!9xx`~ z6G6Y!X9|FG_GZ`Ooc2IRsj4Ug=iE*E==fQQ5PZmSEABJK8q~cRyl*>}(;jxb6#Wp= zWif?$OP;V6h=2Gf%9>fDh%p;{zPBM|ti;E>w;VB;Uv-Z* z0hqom9^atLGVKtUQ+#qn{Ft?qpC!t;-^NV^e8%#o({(^KW<#LEwwvo~H$d3kXTX@0 z&((&FKo$3fjT<-5iL|G|MaO70HLR2^RIyK_`>5PHVc+H`bND%y46@d=Q{kN(cgo$5 zzSZrO%>*E;dn&IpDdc5v1YbSlLx~QN$w^at9No4V+bV=)lZ$4HE|eH73;#l*f{X)3 zTiwio!oEfj-mw8ff%O|Oh?IkL(IR-gSP{P2{c(i048AWUQTK7yrdaJ#b8S5ba5--v z4ED^y`!368=k~59x-qV(6br7hQea@H>e~8#l>E(0v=1y^I!fg&1=LlU_U2bmS-a}P zn4Ydbb}d8x1+2&^>AZs8&TG-u6JJU+9m5$o+X=ARD+~^SPzPT z1LQun{;{ZtOfINyi1vNoiR`IoU#3TkEwqc8#l$$;E$4jlVCdT18yy$mGz{BfV zGv7yn8h|fPARZX@ac(T1D<>txdOIXEZm7^c0LlX1Z%u`7fcAhH`)Gh0I)o7K5!p9G zj!;cn#NK7B*@M4x`HqW2pmovLk1qU?kO!J}0PQg8v%DFYv8v(!o!NEEdIg;o5dc^E zclv!68qUfRp^o7xK!40j@0XVoGMWv(1U&vMIs9L8cfj=nb=g1N{#gOTvGd=^0qrh} zp#M_6=+LS7_#Y($AlD)}t6cn9SpWoS`!&tx9r*7x4501y6^IIdNC=u@43GoH(f%dK zua#~8y_|BU$p2UauubXHg)3(&_*35hhZ4(`+BT~HR4fd(O5RMf*~W_oicQ+8vp@+d zS5lyM|I_dGS6$hy3QB%zXNMvjL;ltb^XAs#b>FS$JH#=5?hSuB<4Mv-EX_& zUGl&^Y?4=gFuBLQeWDVmij&@JtA5?SQFzvRid%fu((QlZEH1O#pG>n}=eo=m^r_wZ zRAOWK=KsIK-PwfK*)4x-OG^Ve^KRJiYo_PwpNv;~Zndr0IXFyKxvK}0ysWtgTmaOt zWye`XUWZ>GYVZC$Tx8kZMlrsUB;jgfX{k6z^fHJ8d6nOBWp4Lh zXk>iq;odrmcm-f^8-wx{w|?I^HSME3*gMD{VD5w3DPfg+Yy6O#X8$vNAu@w`kbckIo%* z4#)6y+7j^^hQ8 zfhew%%Ap4B6Ay~kedlh&k&3;-b(vtQz>S`9eS_qitm`LF3aP?BMU3PDJ;ucvgM)x1 z$MGw`tm6TP-;1NnxE2Z5CCy#+5PmnpeyQtx!J-LaExm>YyY|^Y3XaSh?EL3aUONLi zxSS6=o9zNXH&j=f`Q(L&wa2uX-SFi^+4#A0`APRg`O^or@^!kzP*jF}x2&O(R(1ig zu^tVB&XOggDtWutQ}0KhGcJGB$bH*)xzi*lVi|MyWMo(m*ll1A5_jL{87I~N0v;&3 zA#MV*-J84q+5Jl!SHu!WCTrszT{tHi!J0eT|FLINCg-ZTxA$00seAA0Ph~cAaE=|K za{o({B9A5)zm}f#$^xFh*e>C&4XPbx-M>3HV4mYwJlHtQSU8rSJTYM5SfZ}2VIVu9 zC{^KQ+uaD?r1dOpZavy^Chuj@{Tqp)8t7-!HmHbKpQIhh297FG8I|`i0fuV>&a>ZjWYwS$-*NABR~^a2EV{0GaU^nO=(- zb4wf5^0jP&_OrF{SN7f!aXVqY0C)z0w#NHps3Hfk9G_nN8R`l#b zNMKac?=l9560$ASJ3r;vo}`A;Z)(73rQ1%f$^_0w7osT%5akvc->qBpT&7cO8aoAI zG=YTEw(KN9LnCrjBQZ1kh>Q5bX#Lu~t(Ri$AANuIO|zN4C=1Az9uHNfqI za^jVSIpD$ePI`$Ru+vCSf1u@~t-E<;du?=>$Kl3Co3{#UYWSt~5)O@)_oEniit@~B z>;(@z`uKO8-f1E1MM?|p#is?qZMZ?bDn1sA0ZK#d11$rinz#d#$i~77hiTKxn(Hm4 z=8b4%EUO||0nH4fa;fp7>Oj=n9Dabk!_4~4puyCw`y1;u=5L{b4zob3)9s^DODdry za&nCDZ8rfa%{F^|3y=>D-HA*)MKiFm9t$p#$PIq*QEC6EAYi5usA@QP&pmvdlmivi zv%UH32FQJ&-BG_b#j7yEyOLz~ngz5kz#GP)Bk{QJbBH|}E5yUGaF8qdc9`y98nH%(B~SWnwY1wG=T4@v^otdfhnULds0qb~xI zE4*v5>mfh`Q>0x_O!jCtjX{h3M(-}_JzuB~D`R*4-(EnW@*^%KomM+2t28!J?oIh~yOYhQD< z*~92UG)6p{vU>(U*e%8{&5(g`wdS-!Udum&92~b47kM4l_kE6<_9pqG3&oeXPNtPz zOCC5mpbmb*=rSY-yqtHH*;vOOGcN+!O~7Y3hwY1)Ra2I+8wvN_%j^O&?u+h5U3+Gm zq1e~1{Kj#7;IGC)Ns@u532Z*_uxtV3G29xNi0_M7)X{{E7G}#h)ugc!-ceu4&#*Gm zch;v%4Y9%-Zrv)V7?E1ao5rUvv{^t0(nGYpioZG8mJle&ctxr%>1i^e0N*&d<{goQ!g0g$t7N7C>8}d^_ z)&N&px)_W=i>TV1+6Nln^IUsCz(CdF8Vl(nr8p$Vbx^R@r+G97j^QnjkLeb-zi4T2 z5|a$Pk9e%87c0f&;w_Cpb1R05?)bi%29)yS6b8S!6AD>--%DfiJfBV1-gb7sL&2(v zM9wO~l^a#r)}{}W2sU9D_}=F`hRlOJ$W8gtIw0@Oj)?GJU_LOm z_2wIQn*GMKMKp``T(BsSMtn7+Db9-!dssGv-)Bw(-5iXm!l3nQeMV~bq2@A!t;2WY z7o?dR6(DPEvYu|HSJkDCdEOk`uZWFV0%HoC(jhPB8z#ogA=Ih6pEu|QCC;F%MgOtmTXH#Uo8f$qH<2TzC1^gC)=5{6FBVgvt`PT~o0D==v7_Osa zzRvD_!U&c)4ZjUg-f+53d#%#26wCNa>u@UUR7aug)4h(Y zRNn($wDd_$SwjLo*Js0Ff>45XNL*N{A}(^;Tf>#oSW~VU4G0nk;)ObF4?eSdGk1n( z2zdPECXntl-R1I0f1E)4hqHq%`s(=*YO`%D=|O$CRyW7WS4G(& zoX(q--A@J9XkJw33Vp)CB}f&Tut&mwamwTJX|F7eg;@gea0vj*N)3EEGF1d+Pp)j9 zp<3hf{CNlY&LSv3-<2F4fGJ!?J1B1@P`u;l zo6p@Gcfqe%>}DNyEpf%oi3v}YCri1`DOvpG#_zMKROJFSd3j)u8l67^IZV-=oANEZ8tWr8cDg&NpDTA zNaB15fGr;_L`Y7GAJ%gBo{P`A5NPTh^zvqnjSCBEb(GmGqHzhJ+(UeDyw)rBg*v_j z^wcQ1F!yY1#uB&#h4KNR@gnBjLPEC>9y?OFL{axHq{3?|h~XxKBo@IMP1UEonV{NY zGhnBz_C{Cf5Kg7bGB#_`S1wmw)akPl8o}=l(*6j^a#MvLts{0aNpUj!QU>fFQn0=}Wi&cfDu;8xQ zu3*ZFFe#$8nj}4&2g4%TkqanCa&57}_5lM|ikwct#hdW$e@@c$1+D-CxWvTokHhcp z2lIUh0S-ipxXE!@sW0FkJeQhbwO^?ii*F9?0u=(r&^Mw7~4GQgzW&FO}AfjXbVU6?iSLqa6BYVQj} zlz_^3>|*VDL!nYj)a$W?1r-?*q8AHf*v1Etl$UR+qx`Yrz&zXW;a)lmFd!MfFXGth zO2hT=txbG5Dmskw{?5nPSeN1W$I(8_It_lso$gky28rK1j4OKjOHLe<53Q>TVB6vH z_aG_tK@;S1ilV)SO`+wYKN z^Myn^akH@k+EVSJrO=N@nEbmPHsYA4Fxg=j6`*D?*NM91T{SX1{4S+l#b6`|nC)aT z&+iD!Ov))x=9mEOzV>^=Ug+SBnKzy!;tN_4x7FThSD0m5Rr^XZRdU-NShG_9hyiNB-BVr0Hv3J1$8J10|)_WBGP;4L|~*vh=2q_2_Z;{N+4he zBoK;cWzN0#xxdbRo_p`#{p{?uv-Y>v_r33W->*heHnE>V@w(tUC_AjTa@<_lxp{uj zen;9HSIhaSv{_sHq*5v4y$@D}5PsHu?v0=I)ZS=z#r^GGa)_lEztu9FrBg!A&&+GfzB~jVD`%9e_3~7DAeY{X_ zqZ}IJ(fG+I4KouNEMscHs@T9ELs;#Q?MFQGYRV`MKDETW_>kD9o6{-`^y!hee9k9G z+QYY3ithzQ{!pxw*%^P68=1Hsb?Q=i#QLotC)g>HNtazvhEuI5`vXY{uXu`!lQ*d1 z!ZV?N*WK3=#46$Ks#95w^zg-}l1`xl?e}U*?hWfQ=FFl*PuE^bPpO{00Se}|d=7!xM`_Z&)L`?KxZzc1yJbxv?|(rlK^cky=4x>++o@=csLnmik>*2i4%$(A;q&o4#^(zfk2Sn4nvvQkb(Q`|Msx-RE`taA_ zb7p0HW_BIP8wY_zJoeXl1QIhsUusH08x=X*6+0Nkt!-yR+u7Rf9BqZu#waDuXDRxL zPJDPk(5yCc_1WE6k-6!L#r$)K0FJM(#7^)|;c)_y#dxrehBsQwbxnOebSW^XHox<< z@Pw7&Q@5=@Y*usw8kt4|<4eO(jZuu;T$|Npz!gmpLY00N5e{gE3DitF) zAOmG2Am@!@=6chS>fG75;UaSZrFJE9wHJuyon7yLaYuG(-Z=8B(c9RDRu|i8PlE#b zonxjN2O_J_JCK~+V}wwh2-cGZ7>Y2XG#S3Yc$YkfRJ6?28en#2(}D+Was5|$zXcY! z*j#GuB~iDY5UsE|7Q8-bXiG*R!H#hkQ5fRzmg$J%Fijy3TYtNpGoGy-0?N@d_W9NI z^{G3soZc>q`}R9w+4r~2=z-badNNvlm@valA!JwN#LU#4;U^-)9m{c2H@G(xrCsWf z<4k;7{m`4Jj^cx9!p36tB?dq)_JHDql9|=7eQL3ne5=zj997?1Wvl1?RN*=5sUVkv z3R_gnJGOer75UB@!uPe3kDn(MkwF3NR1dGA;K4DRwNaz;IxLBJ+I~dduEh@nH5Xq_ zV_nrqkbb9ZgRnS2ty0y7e=3hjnNL+~)4&su8O013zx3n>YSG*h}cvRGB^TMxkX7>lu}P z()(2Yfz)|gNy0wjGXm~uiyF&duDee)@v#%u;EZe}EZ&S{YZq!NFF)zp%qhcXK(HeoU_QP~u461*0UFIGQ_aIayL=@tj_zU)nkDHsp>l!!Lni*W;F>M8mV50Ek zk&Eu}K9;c}ZqpT*2X$GfB!#i@B3SZE(%2|5H9IAVG?jkVyKdmZspNp73wknY&(K!2 z`cH!0;5y5Yhuz@wEYVvd#;V}$q3qe-lryLAH;K=H*jesNRRTaGIapO{ORePW4%hEH z*F2hU>7}W`!H6K%q7zk2ax56&d#PNc|PAXA885pwl zx2Zl=o9g$xa}K)n6!FjNYK;`)pU;fTWDg~X3-rIv2*8R?H3xk8kfCu%{Z9I?k(|$_ z!%ZeVpf=G+9n|4`5Rdxy1in2h8TG+F)ApKw&9iSqk`L-k3)FBRb$_&tnKJ`2UtNAo zjk=svrpXfVhhTHDCUCa$1LP>iUxz+0Al7?y=OmG4C6JkegW=JkRnxBoRv-@pLYJx&4?534G&Q5!D%y1}R%dEsfR9#F2?$4IJTMf5vnuln0* zh#iX~k#*cX8mmrW+Ip3Q5zDsuKfsx?K3`Hnzkf8lz3${BNhTKi^Z`?=C~#2 z@p=ja)ifc2-TWQghF#%@Ch_)uz6RbpL6mr9LApiZjoaOfpnYW&*j>=KtC|SLUs_s9 zKd=7syROdM6LG!tPPMB)YV|f-svDIj+`jjqw5{nk8>mNG{{xg=MT5F1fB*f_p4p!+ zK%7DIf=8$2wQR#S8MvxIw_SRQh2hYB*!fP$e?`<%6A;`n)pl~)eJXG^w zfqZ%b2IYo3M;{vNqRa+XVyjVMjr1Pnf-?m{aQOjI$X`xCW^Vj>ZDIIO9MrbT>C!p~ zN-eNe&^q2*AENz{_6q%Tjle=j%EJ4)_ZON{bgxO0LefJ zO={tMW0%4CgpfwxsI!X^K4^wOKs&5bQEt5cI{hY#md)xF^uV|lGZ)*+dDmLxMBAlQ zwMBh0{$i>ws?F2mX69(EYrwtwB-=QMw9GSg&EfAA9PYJrc^Zummuq7NhLVY6E+FHIFLMguVJk$GG%iV~9br|xs<0LEt~^P*J9VC^|UMXfB=!FC5Y zF1;IWY2xTa@Lv?24$~;pWB|4llvL_+R@9NDZi&jxmMl+Svm?Z3m5NdqklJ-E)R9FY zmkE`PBoDXCxyOu1BSM1_3%w)1J7up)Y1A)H()KYO38f)B9o4-};b9)S(}~O&po{-Q zgm_p~(kk%WV0MP9u!&3={6L;t)`2i`A43;jcR_B;DeD(40x*IO2z@kESa{PQmiDnpuOK~c^uoT%;lUJ}jYb`v4SEc0j z!TLvh-&0N<+PYqQatSn1JgV2h4js%6TM=-_yAk)dBoP$ld;3DKh53DvA7*ru^rM;G zEVall{ojUKldL?A-PcbtpFUM3A@a6Pw2;r2y`;})2r)jbJCQFg%uH_W)x}!KUfYM( z&F(Nj!;s`|vsbX+E%Cr)wY7gH^eudgj}RdM`0Q%8d>fzmHHgsHaSE>ky>c_%(!zY~ zKTDW77=^3S3Y;_H(s~9YyfNv7#pqucRnfe*3d|r`Nr~?p0`2Vq4MQ~n#WJc&BQFHw z7#h)rM|0t(Yn{>Q?2c`iXFiek=%QhgSy!Nb( z_KU;cZgYw>eP2v}PD`z{JxTaO(bY8|X~0+xZnuD!d2ZI0{!aOd3fyJp5+(r|Uo7Ud z;^C9>t)yspZsX;UC7}&LLw$W zmzI9r^QpX(?Z1lzD;~K06WRHi%U{LkpSmg*T<;GVXv?kVF?eHi?lipS`4VN%JO9~f zWl*5RBO;GWgCzrax=`@MUGj8mW;bm}A8qTD$j+Zq>QR)%U4~T1bmi{_J)Qxiy+{2Za34Oub3-}GNYB3wl z1Tc&4EVO_?8{o{wF@qYpd#LZwc;ug&0IMzm5PKFSHHK?Y^O$VeoB>mF(nlulCWY+F zE!?_A4Qy>0XS{FO+73Ph44HB=iTHq(xuJH+or3lVP3>qJmnD(+fiwHFz>oD8P=F9O zz(GMu!DRV1Ado>9#Kzo>T|!~x@`TdFXn7=)Bq?x|?$>=B`xx_i_6MBU7~|gD+L66^ z6?_kEm99Rj2s`9!U+KkkKDMC}WlqMXCZ$#n-*<@M89a~6Go%+Ark|o~qzXF4%7H8_ z*%+O)mp1hRtR7RTkQe=wBa++up`RlY0%}x$>QI=R*uS83+8m~otz7LFP==b{koi8kWnI1m+canMBC}VF3vqy|F<#ICdD< zy|z=KKmBuAO0=|j(O(LS6eSFj0@dyKgYoBWuqmLX3*2svCbDus3PqtxS+yXjAIi*x z>ZEv%snUMN86>oRyo&R`j+c7F`ci1TY;x}t$MMo;#$L2yo%C+t+=G}0_Db5)l(xH9 zyvc17TQyU)c^%#k&|1gVdmkQm?*mPRZ(Rq~{J3a*P#6O=8Xe6Z2)$XVWa&(n4r*b0{K<A$98oYGxY`|Cse=rnt zHNLc*zT9obH=GbFW-IbcvaU7);zdM+m;&gTcmWw@zh`$~g4bUNC_r3h+lJ=K26o&S zb|#<@f<+O1=ns~H@jAO)%o#10o6C*3jhEB literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/symantec-mde-migration.png b/windows/security/threat-protection/microsoft-defender-atp/images/symantec-mde-migration.png new file mode 100644 index 0000000000000000000000000000000000000000..5345928db98964ae59f7fc320d46d7de16f059c2 GIT binary patch literal 23235 zcmb@u2Ut^E*Di{p0wPTmDWM1o(u)v67Z4GoLkJxq6zRQpX(|vDq&F1^ok;JXAVj*- zJ3{Eag%a9b=>EQM@BcsN-gE!w_&f$!YpyZJ9COT3-Z55QtEtG7T&KN`hlfX^@bs|; z9v*%<9^R#2gqMLUwD&9dfghJ#G~{LQihDrIz#msErIn@e@JgbIPfV@?e-k-A)pfzc zBW=0(e+li7YlerXr=###TFcXDebO)zH0-zNH`NLwHon@Z%S86slbk8g^ijx1db1$$ z?@=!1(!w^6l$ZiXqysI3guc+hF^`xpqh<-i!c>MXmqy>8yG!C@!uw?OUgi~lrmJml zO{t$SKM-KCeoQ8(&MbsvR~LNv>B;-_-5r$6+2TOn#!9+>Uh$E?BNH@Dly`7)aI%SA z+k^3Nt*m$B62R?oI#C-K)I<#Yy5Ecd%KfVSFWC~-wFot(Y8N^-puBe0X@SaoEQX%M^bF4pPuDowAe3;5V)fbE~ z21B4EczAsHhS$+IudV88sSJbd(vy!u;c=lgG5Ek^7NWNiWb_gWi_(%xQ!W<{>6E-B14zkaj6m>m9;_UPU9-DK$jY61+kwk@N_=C6;JM5?F| zWsy^!vdIS@W2SW6^v&;a)`hXqf!Cm#5_ouDOjoralGXwVT;H#C4u@8!SUy%Aikh{U`Lq+iY)<%$7Pag?Q zDH&p~%z(2+DEDPa6WN4mh0Dih)d4Yvxr4x3xatw1a3Ukoks3QE&3KA_>N~25+Fm8J z?AJv7EcWJz{F1eB-`cZf$1Ez zYe-tQN!WWN{9~?^^tPX;tamMOgxNo43TSjt<4L zo#1^$y32-b%2p(=g<@7?S9I<_Oqw@aYV*d!3v3;(aZF_eGk)9K`EmQMn=Vo*S%+;B zOBucfz2;sQx7d@_|HCU>Si#;lsw?Sr(e5SvHCfpdHRE54HnmhWN3`Y_G={!977m?g zu+QG-y!jw@i;X0oKjMflMBD?qt$y^)_{OJDrxXun>Y;lLB_c@=4X6za*9_VTY)i;U z>|`36kfIa|u8gx~QH8-yA;=4+LWf!%xjwG{`k7fNS`haNrl+uDp`B2Eumbh6wWC4A zdX=eP-(4uny5>+sHe$+{Oh6CTWy*M8C}fvUfQP4}ly(CRoh`GDQ{ahrWT+VbO@i(fKP1xYxS{um}*YO>xi+Yza& zHde+0Y9E10nSo@9q;bURBwBvUZ=h-2I(M-Vu;A9Dg)(~R292h=@i*tXtHIKuHCvxe z-{T6udwqAvp%Cn86FE`g% zp=74g+SDO)g$^94_lFb(BImiz_bUL$&JslEeNkPv%e!XS^)I7D+Q7Bvfm0#yJ7JUa zEG)3^uFnAv1)D$nAT5t)$xS!d|Ei;?7Y(K!e%esY`(DT zOoV9QGmz~SW}KY% zo^_tro-m#rub!XvJ~-tv_S%nHd;3A{L94Uty5&v>q!u7U(C8l|lVpB$y4l1|U|d#I zHGMiLb(T=bazQJ0*P(M82A{f7+V*}bE~0|=dZ@;O^Zh2f@0^$=Li8;~IL%v`mzHNU zibD}HN!DIlBlkrPt-FkEns&myd=#6m&m_uNL4koCS{)9)b%UCnA#uMc3;ddWbG|1v z-9@X3yST4dAOk_FA)#ZSVkwbx_utfxF8C-43mAk{c}2yd8+bzC*R!E_L7ETxIq)@J z?H^Asy3(5?=cUdMOF_Ou7pp7e&z28$RQg!X0gN?&GcR@8JCo5RR^_!mE#8wtW$r!? zJKJiOYBV~NxqZf-IUG7n^A|}?F4oYKz1giYw68jzdE0#FIfmq7DM)}M?|(?vnm@Wu zR5|5;Al%sS&Miv~sn>YEqwjo@oo=}JObe&?pQRWnjlG4Jj7Im?$6-GKY0lH3vMyl(sW z(&fgd5ds)fMAfWnT1wOW;Zd7pd~pb7o|si^t*~$o+t1B8o?cf`l@}G18W&$%C_7liA0`+|5&b#jAGWEcN{a90JlyVx{J~jtis= zc-L+Okm=W0M_W&=>>Iq1ay!Gtc^rB~PQ?+0VY+X>ZWY_$wm>haWKQbem`Uv0mVs=z zv>OHbp6MK$*gi^fI$90j36Kh`WNhO6(qt8dOQ3UbqvTMQa_d1U926^YfjW)L?(F5w zDjU}v&04$|(jr8^N8D+4%6N8md9P*MVzR;cNDAkGI@ziuz5h&V!l>XZO365Qrmd#I z*4xlACu4nRMaZeu^<77Ar9;7;x}V4qwruuLv-qGFcb*?(i-SLJ8V>So*BpJ{r*d!#8DFR4D@J2H3vR8$Z|CKYzz!hSX&(!@H662LmH zrKgL6EH?@5(xW$Cr-}=&3TX_asDRVhD~#-`h|urBp^g)av&Mn9Vnt4ndIE2kQg_!U zA??JPz6yHVj5@`VQ9rjdUUYuBm~^JP+k+use$>yqt>=lE&zzP+13qcWyB4Pw{z495 zR{wFPCgpyV!0|)$i~=k`lC@V7n;s*9>MydWI6?MrAu`eIQA!_g5zkcjwl;k5U653? zJ*VJE^`YAmEiEt2i)ARNvg~#^uNZ#U zc1KKq0)o4Rs=r*EH7u9a9|dleWPcXmuRz)nv_BbrP;84@BAd8Jpt@_Kc>}%u_L+7H z!oiHonGFw+2<}`3oTRU1?lFo!MuLHYx*9rB-yCeQ22fIgKZ3%>Im%7xgK2Vs)65>sTzbq5a6Sg z_kH(C`}AfLqw$slJfl4U)Y*GoYttkuTzSxDK0KyqzCl-V7DM(_u%FMmpR#zgYo5t@RVp&s`}VWfW3+m`tx_94 zt3ANK{#*Wn{q1l%fNce>lor`pvPaNZ7^?`HN@m0Lfe zmh^c(>PlAyu3x@2?W7c(za6@MpQqqMIp8@uwwS+u(pI%HKI_KZIf{8BLWP(?_U#Fe zOP<}|Wk_fb1AI#rVCQL!2&sH{<%h!p8n#t=H|kKr>AEx2Jn=|gs);Ho_|(CLpVGVC z%x~^_S7)u{q^+vc`0Cr4luJk$BrGC(*#WGXQIWOx>B72e|BD{ibifg}2vv$io&Wt+ zxuoYa)Wr#xq%0aY8+px}ZvEREEXVVnM+?tAvaQ7K*PUWuy^_|5XO|9B1d zc;llM;`2k?R`1LPWC@y@^3 z-kvah?tjGQB@`=nNFe|a3TzrZ?0D~|_M6#K-sbIhgPpfJxSsXHF1-ji?R7A3c-1#$d~ZVjI7-QF8t{8*=%4FalVCQ`JKf2$^O4)w8RdUmW%hz z;qaE>&f49bPTu1Vn6V!;A7pG*`@I%^O)yShU%zyt{`~A1xdTj9x{(M*mUfdSdiiCK zQs&WC!tC6?6ecT{DGa6U`v_&%wQdf+--x$GU0eG?O^AM-;vpsCV;3&-bH3x4v2*(p z-clBt!N(TC{?<_m0#=d-)cHaW@my1h(4|+_Xl5YN5aa+cz`7{HF|xKK`g*g|OGl+V zV88HOK{M2VMHKL$lYjKDK^yIC8Sn3Zkb&^HR5@J%JYT~_9p3bZAd8umpg^1?me9yVyV|DeU)Pf^Wg9QR(z(_5w7S6rYL;cE0)D z=awE8blJ6e0Skyxz)Fyb=Gywg4fcQWr456bTRjfJd;>L?Jo5)rqKtJ61J1r@mR(1~ z)4yR`LoxCh#udl5&x)jL*6jME&AnMte#?Rdq}s92(HDf@X;V5hHP*4SGlnd5y)q0+ zs2PX66bZp#!pT6MOHaMKzm&+^85k*RGYZh)g4mS2!R$W@8NepEL}SS$&gQJkaE$=4Qn(~xeu z0?HOA4UdP|B+SmO(3FQif3ub14Vf~~1%LdhuSX*xhJd?tcZobv!5VZx^+*LRAof4) z9E2@Fe>R>kx|759SJ~I?YDG5%)BV?5?BiY9MmiE3D&RV%7pma#rDe*+P`Il2d=Dmh z0>m+Sh{QOJk93=xR#`1O=hJk%xta{OZ4W{!3S8MIdir=k!>ln^#a^wso1pfTf5g^m z*~P~?8l*JuD?0RqT&U~5P{u=L)+xau?Rd-E2(GwNk$R=VYVeAD!qxlHxGT#pAEg{2mCS6WlutcnEcvH5f_6kjz}Hq_RSpd{agVaDv*3D`FTkuMXyzkWqE{dIp4e6ZG8A> zdoQ?9qUbw&2V{DYxZKQw65~vD*JK+7po7QE6uO_Xlzn*4#$3LDNm;D~YBpr9{usol zO6>fSC41_OjZ;9AGuyNaV3&6BG00Sr;$o5gxa`+$MCg)+ft;CYfBn+=*T0YP#0X=9 zHTs$)9SAE|A$dhH)L6Hq+csOG2~=uQF_$JC zoc2R#TeD6vp?RHaz1hi*S=Z6cUiF#JJox*?mfWz7Z?SDgl_a!gIM zgn;iGN&QM-6m_0x`|8cZ6%Mc3`tIamC9RY+|0pS|ohybk_dW9rq=-xTJ?SS_W!kzL z#hDRQ?J7SY(?Hh#rUjj}%khquu^CsS>R!Zr?0gv`@Aq;qr9X~|^n+NN79D=hM~hwk zHARgirv?@&6{}CKSv@y z0w!2Nb%9GLbc5qJBbT*sT5^OP9Of{dcxlq!0J8sW<_EvgnSSj;wW!M)YL8nb>j@7q z>{?Z3d$$wIstrQf?*7(sk_VO*=)hTn8W~|29H2>-!6;|W3sdSsh-N)X zB3zPq(Ru0HK&6M@-*|pqINLEVLdK334QSKRKc5tr!^0m4Juvsh)T4TXnn4>uWaA||+ z1nltFRNjK85ve33c_py>uWRUk+vMuyFnH|A8n!L$JXJU5bWP!T-cx52r`D^F10*(( zbuyz>4+uJbj6lc1P*@$~M|k~7m1}p2&BjQ_>|^V>Ss`>~**KHLsXsIphx^<=&))1@ zEmHRAkAs;6(4J41U6dAvvHQpiPeb`|Umm5$U(z!t>cDQ~YOC;hPe_5sR>z6r=f19c z#`NyL#MBOZ95OW6`op3(Uo2Qq5to=z)!;oiRw zp6fl(cmZp(+|^Sqz^Z>~cA0UoFmY&$NvwPI$DDl7On|D1Y5{p%$+ z({cwYNzg9T{_l>-b;1=T!sAqtCgmY5NNe)2c>m*NL`a^SS^`?QlI4z$yyc5-nV zm5sk$^M%_raQW@jsH8wS(~nL*oQp(Pnh*N3IUO$i(!Rg^DPRT#z#o7H%0r&e|1lbS z_duNv!$;Gt)H5kD{TYKVplwT~j(^lNfozT&SrIos*SX{!`Nv&)QzFcT&h13bBV1WK zjU1(*>sn1Ji>Ae&jZ2aK44dx`(`-sG_^RT@tDky7caXX6E$3>LCDc+*7s!{A3XbF( zi$Aj054HWm`0YDag(k1+>AyrYJyU%>vp9;RaAvJk3hN{7KQ%hg3E7W`hm~dI6pJ!= zHFtfgTUt&AXkw}hgd=9;KZ_asmS{ha5fH`tS_eE=@o$EQY=%&?Ol;(cr&1qJQv$J# ze<+4{1O3>y*iB(zc>Hrg@eS>QZQ9q=uaryRW0Wll+3)8{-;g8da@6WdAPHu_y*kxO zGDfhlP3U~k>g>+4lH5+P=a~%Qu=dEKB7X+ev;YMCdbH4@;oe**d;a8>)O$PONLSN3 zMqsu^Kc>wuvQU|dJT3osJe}1mdavGUW3e}9)dMKx(#=y^oSd##&|RoW$Q~;QW->51 z_Jy{G=a_UqJY~H!FFw7p#!6$Yy3|y3nWuCzYEV$Fg3diy-)O|M3sw_%;o1HDm{iXp zE-n!50{$WkJ8N!PtJ??+2jJZJyol)#ZYQo093K=ZWsBN+Dh1}W_3dCWiXRsvIHNT0 z(Zw`Ig#9^_($mEv2)P`M;U~uA28M^LefbScBUQrK;%>m-9-=~aA zFUl=SQ?sF%7kM4&93vJqFu8%xiBYE9#}N;9xKgyj;@a3_NLnx5x%x+`)}kG4HP&|J z83ex$cz^L*;Q>FK^y_pxAEdGuDu1UsOhX3Eyl>cio0dfL;&jGVsTt3+2K5{D{3>?M z6%2=0jFFpiW_R5C^@nf>X8%7S=yT`f%Q-69#Ziq+kjc-cQWBQqb#lWmS_AI&!nEnv zh0wJT>Gf9EoB3xTa({)Nd?Lz04;8XETwIZ9asIbUePu)Kl6=P>e=qC%GH}63*C!>T z^iNVViGNwuf5)GI9>87c{~7K62@3xfYzqA&vi!dq{{9Ir{~i9afZ#6)(L~Ms*%y(- z52q0LfRnCVQe6}a6G(IA-zS^#`)}Xy?^PUf2oF&Fw#5I6i1DaM|LoLXr1755kpE-A z5`?GV%N2^hh2n>g7+3*M{f~)^=e7S9L;nfA|39S>7%Ka}P6M{S_OK=R`$q#=2rj(N z*%uE_bUDc~{m5<}$Y_u|p?8elx}gh`e`h{JX^ZJTJzB~8r5hn+&h53k6)3-Mm_N3_ zIF17iOXexvIHczb?yQ9)!Ex&c9dF%os_`vGVaY`r^M@T^p9)8hXO*zv&G_vL{rkUI zPkfXy+2C`~m;DS@Z14`-D_Q5ZI@B6*r#ryhk7_8M45VWe8>hgB&r@VOlu!Z#%mCgG z*@MmLCMQf=jmx6{N+Ak0UE_it&Jb~FgC&O+6&3j$Y#i|v4Yn+O!z}-}6dsD{j?2c6 zdyU))V)d8mx^$5}?)|8+8TP$Qs-y*MBJ1mpNf3${-=Y&ib9Y>t&5Dh4BfvXANls@!pEfhU5G!!Kjy^x8fd~_~?{o$zCf~AAtKd5y4SfIeoT!U=oSxUCD^|e0vm92uiOw) z9Ym9|aZj2~u;}KiazD$53FR8TE?eQ3(W&xb?M$(;f%fwN2_9Zx`pD$u>91fiC9eGf zRQ=AIx#=J!-s!WRG%?_xzt@L*mqkB5ap2$~E81HT3YyjevE9wFi{(a|zbd%9K!s*U z&~S|J^>yB*U+q9J{~T{@#;s%l$ciQw7?5p#6d>6{(T*+F{s^gkV$is^6Q# zI8pDVIcwK$gKDs#_5Bq>*(GNunX#yXWDP3Qqf5S(LhE_=J2GV;Ic2Qy2FTK`W@1!e zJYG4^z0oSwT6YktSx}_iUuvlC5u+Ao;8IU;p=x}IubXZ<*sQ$!wZA@|qmmZWo!6hE z8eR}j@cAz9D~iwT>|ygrMT*Lrd$cZD#t-AQwGB|S5NTTnvrB_2;AYa{oFVhE*@X?;NTLF~5kJ$~=Mq>3&;A2f|+->5ndqeifKEy@EDp0aI;QVZ8 zNc+?#lHlGXPN;)bA)FVr#O5;m;4N1)BUo(w78sMMcLTb^I53qZ42 zk_W%{=`8nLbPqUQX8Owea^Fv->>{atYa5yUbfe$Kgh+c$2LYom6SoF%qEN=cPPn~g zI$`^##B0xfA2b5xX-TL3wb9u)Ae1$Xp%PN|qCNg|fWFRmCfpw%s^1^8!OdQejUx~Q zo9K-x8|@TXW`2ed^Zr6FQ8@$nG@#mK8&eIO+m&+zd76v88BNaf9c^uGNe?ZvD(A*3 zYy?bM4!&0A`c2V`fyltmbs7p-lqIH$RhF;y-1?&yfzy|)to-~MS}k|l5P_N<2>h_9 zlr@j)D83`lI?-%8h~{r*DTN)T#C`VHvY#as8`in64i({ssqaiWDxq8!dkh-BfSJ3ctloX zd0`mQLn=!m{nb5WACrnzpKn+GR7G)RE&@1~3+KA1>M`HC>mFmiziE*T29RX6FEyRc zFdJ&A=9=ijXyF5v!K>Gl8_KH{TKfzA{05aoKPW#%>(XWB!5aL(q=7B}n8NY#aljyH zdhM_2>gJW#y_ex^t2XUrAn7O`>AUX2|Ze_>)Y`7`%` zqjCWI(QnAZ{*V1py76{PfBWv?P?3JA(dYz7=-q9&0so>oH^IR18l>Dv_<^>?o0QTH zTz-!d>`T%L*i+^1Jk1;)!&=wH9(rSu zH>Q!Ci{fRsdXmP>^E@JIjd)=#x!z^eqC=KHaPNHl13HxRruGfTga8g1Zr(w@WU@0ua=)7@fgKrxqq4azPHbxZ|DlK9?_`TDa>Kpz1m* z1L<+<=JyVEj1>JFN#Hq>|2{8(deT3JJOLa4dm48L21q?)0ha&Er2aeYZ01C{(}_fM?JY)h9%YH1o5XZ=9zCeE)sb1}>3POrT5vVE)&@npPsT4QFSk zO-iW%rA_BEg2?Q+_8!qB6Jc1_0{{lS7V(F9)21-YVzjvT;fS}kNcPSN3)xuJFhP2? z+PI*5(wD@)!MWzN!Z|<|Sz{jpPuN@WaJh(D+pY}qh#h~VpE|K=YHnrq!hg7B zLyn+@KLPq77{`DB`eIy{zA5M?y`~H&9fQ>c%d?5CnuSSt4MaLGg%n1aDOPc=z#)x} zS&35!#>xsZ$qMWE;SBFzUxMTj1x1>iXa=FOWF~tL3+&+x!F8{_Bl)#-D1-0PJB+Mz z4ui{@fDt79`v5nvdBb^*smO+W=RQk&{ZjVIPL|E$BCKs~Wea{4gq_)287OdXUj+P3TQ}18+f*&oJQK|6e zf;E3g`k>!aNDr`)Y<`FzYz^kIbnuBXw`b3gjlK(>{cP$jX8jy4IMHbi@MotA#ms!L z){uT}JBK~nWA32^-C^vFB)#GfpD|xq`f4bFXt{{hPYSriGtO^2q>Yn$L7UXEy zP)cZ`y~Nh@ia`Xbw;o3WkBTTFqu-`1>NLNBT%Z_drRkpvsh6f!b9M)HAQl`FCR zO+M+!b8erUN`o${D(7?;_c#qsYO!^+Tl=LqAx&}6&pT=-5O3Jm0xl=2YVBE!H@~dw zK3JL2_0W@i*aeKE03@>RCi3bE01J`P3mj?8dqZMV51$?on@&@^-C1(b0`&#f^?RC`N_jjiTn=pc46T5Cq35^ya9@9oE~DI<0vNLc%_CiKSs&U`b|~s$IT_cumO#T+Uos0_iyvNQr*lmlO9b) zwL*2(BvSNnt=2asycDZ;@{`RX=)a)u4bFor!Ch22Dzw6b2?R+|k|FSyuUz#HnQn6V zLnKW$UwNvI21vaks}X!nH%b5ETt!rmJ{H_rF1RdPAbWAi>cUBYa$5O?XWVX65UeL zi@Lj#RH#dcE>V8KGagz%Ya8qsuT|6`6Zaw|ISN2xucJSE@r+B8h5W4nnCqf`r zebxC6{4aTM3xX3XZH<{!%}&M75}=9qVCG_U>ucUO{P}OJv@$6pmi5Mj4HAC|IJ-P+ z$QH~@z(y-io@?3%j(uha^zxxfn#%2!@f)S8O3Wb2$0twS6=-Y5tpBDp4>>lzWCcI{ z5$ssVU{d#9OG~*>hpzfq4ZLXM1f|mIMaKJ=BtKS7?<=a$XB{;q*y2=htBEQiDQnG( zZBxe1OP6PP4RI8M-5oM}XCRLy=*DbC3&SxQddivBv=0VF4Etd`1)jftE)I$e*N;MG zAfpZMiPKEF!mhOkI`z4-`8Cv4Geha56Z9a(KsUvomC7=HcOm-0!_A$7w;F61=~<${ zf0zx`4c0sMtdIc~DyN#>5$=v(7k@xeri{?I>X% zUTmLmk1Ka^$IF$`fj(aC*rj&O+Bn$YJ$)I;rv;sMwswi!DrtiD`MhMG?su1IJ5`h% zKgE$FS`4i>Z`LtvemSIGYGnc!qO$!ajqh8ONeQOtuW)D6G!zEduAF5!;}3)>kAmA1 zomO1))ut`TxkuktSSQ;)ZXiYToJ)8fzQYj>lN*(JT6TVMG_ct;Eon-xp0JH{w5@wT zYuooFTGyUW2BOjn3K!6Z#6z2%#3TsO{`_;b)Y~z>)&-c*=52hhyTr9aI7QPcyE0t< zoO09TaGV~k_hYMK6q>v-ZgX8q#j^1?i;Y6yRjylaMeI-LZ*C@!WO;`F z5%pp8m2Pe=_)<2I6L620 zG0?ILj>l_$?wMEEhYYfj9@}tePpa+rJ7in5XT`{`XMY*|)p$sQt%8cr^@_sk7K?8h zH92+}P1vpuCbnK{S5|v%AcPnOkugdq+yfja~gx~`}v>j^RnL|9!S_Y^;cfsL5Zj|UX%4+5Yu}RE7-n4J3UnXzLyY(GYRf` z!V84ioB8gqnLb&kT$aC38Jl}_rGITa1>)4ST58rX7DQDkYV_eIDwyoxqfHU&xzjk% zka*Tx9_wF+;;azdd(}6ARX);gtZH(ejJz!j9al-V^DlIjkFbkjU2!jHYtNQ!A^6!x zqAc80;zK7vhL-GFHfLNjg@8NHV$IrQdHM!RCu@lsS&j9`s>zCzI-ti!3cbbXKPHy(I<6zDKyxzK1d(vs$qqqDz&-8?wirq1n5c|FHgp=wn(MrzT2heE>}o4^N4b=(W}iY&1VF^(jE_*?RHq3dcxSk zpUnoCUpih8zS}7g`b^?2lZKG)H^7!UL!O}i7V4G$nxQ`ZTlhEOIpgW(28|Ew`DeH$ zQY`Ys0f=dVYQx_nMS+6=)qf7GX$%1zj9yCd+VT985^cXl=K#m4fl*Iz%pJy zO?)|_5et;vT}}zn8{=W?WM1EKFATmx$8sjOTbv@&H}sRx&!%>ze@CL0yvKS8>Z!Sn zE1$y&(XpHx$8m8h;o@QM`CCfP@)yEp8za3UM<(NduosAAgu!65Ji7h;h&wm6Cds;V zH71)GdO&2tgI{xk9L4WkdH0nNjd7Nb?>l3nJ5RLz+3!a)>q&5uN`YX5&7tMj$R=wv zY}9x#=^_k9NZ}pZ>%YV9jhhK~Iic}N{sP6d-e2WkG|7ecm|n+5o$|_ztDEkT!g;w- z-_pH&gp8~#XH(~2?-eC)S1`j_K%1AO&46A}Obn*wv^e7aAa`VdQY9b2%o|7XnwS#- zW9Uh5>k(rpcrLsU6Ws?Gqo}9s%AlvmynF@d5Bwi8_mB94fAxI5q7?JOQ+6y8o$5lV8}{6{h-lsO98wz(YsUAI>!MvrnCX!A4or#XrfD+nmV zt*K-O!yf64xBz8YC0gOAk2^LkVaPNqYIT4U-YbnAc4UOi{W1`S1Tjfwx5%T`6T&wE zkMc5WOk@Qj^|}%5`JuFYx<*_fnD)4}WVmtC+@wSZX2fX4W(JZG>L~u#OkcWoUKn(P zue9D8d#l^euhr`sZ0JH)D$-)z^2!_brf$&u0@K@|m)hApB{}+V*Fn(!X_$J!@~e-( z$*YB6oZ5pO&a+B=&7C8&<$vU&%?c4%5|;c+vGc7mkaPnY$L?*N8AvK$4`5i_hT-Ih zhas4kD&g=94y<`&DLZj~P?nm<*hop7a?;>X3dzQG6aAEdafZQb%M+g;I(*;Yo_e6LKLKi3g1s;kjTzo!s=_rRc0drwWtD z4VPXevvW)tuzV1E2ZX22@Fl))nJ47>ya_LB2|3NfTqtcR{MfX2YQ4 zay>+m<+?C=9XML@K4VH5i7)0*j%r(2(pDSX&DGz^xuifRKOysGc zNMXyjxUPRuI(v4%z4{gq3Nl(E!~z|=2zK^gG6?|bb&VovksrcwA{z)N0K+mIZF6y7 zJRkyuV0+1=0Z5k<(f;b+_vImNSz9bjyHCj3nLxd_(PoeT10!4?2KCZOX9fNzr@lzO zLmeYYnL(K>Ko3<95Q_rFLi`}w=wtAI0Sy3n;n78c{!h~n6wPGmfo7?{Q$W}tegZ{K zpz8E*6asJp{|jHxEcD-S380w$cW?kmtM~!x{{=F*xT*$_{5#}uv2O9Bx!6)cwtr5I z1}6D$AV#JzAv%}kKZ^!n289`*+DHCR+~xXzTd(H^V}s1ay#EKNMkpYgzq1HHF-C@l zeg@mY^?yJosAdgNc3JIt#@k@Vq3omU(Y(11RI?^rdXGAOLsuYU-HA&Ns|&>}tTjh1 zP-B~cy8Ce!1zIAFrQJr{KPG1{id&XjlLE#7VtGpbGzsP?B5AR7c6uxzp>{OS8^8|0 zQrUu%Ym(y8f!p_YwoJOvr2|!Ls=P%3*MJ53dH!%jHi#! zaqv$7alj-eWUe(0OY5Xs+tqbalRJqXRcr#LWo#T+hmh zpA`R$6F{Ac_xsnA(pJ7)aj(HAMB8y|0XWUW{1*f7EDy^kP(amdldOlCGGTKnZK}W* zxxDovV5Dm`aJe~X?96E8P3sMGe`7{CLTZK7b>^3WZI#2cq#v%_M~(~PwxR_IQx-Uz z^_UXh!V;4)I-Fj@b;sSOBTD z;|rvz`={crzUib7&5iCUpSYnyqfWM|Vzv`98cNHK^EM?zNJ6%MP8jIY+^63>RVyKh z)T1lYZ^h;H`P6L@h|E-TH5 zojn9CzTG37LSi(?W~D3o!Zvt*-m`hgMXW+YxoH1xhD;O+dF!KQ;hX+}~=O(UZ59BAn0Yb{;0IFrjkleJ9xYmC%Y{Fv@H+XR#d^>g&cdQRWxSj zF0*^?JEifkiMp+?llZmcgtld~llXh=rDWdDH(u6?*{dsLGiE0`cD1c5xh8XZ@?}O6 z!2?&E)T3B>Px=O|Z{2WlAGvxviRunxK{!t-*?X;3bfNEy+tIy{LWU2n^`Y_Bxg+wL zBr!F~?n=>bi)fK;SeSl3hi*Ks*?v6A8iq}yuvGVAVGq%jnmk^35F2)52sC-w=mfm}Ctba(J zuG-cpFo)ryk=mQgh)RqM^-&sZF_Iu(IPc_iZuYbju_YyY;cM1E|G^Hw4u25eh&y~A z8_HCWhe{3_+uLzj#d)Ky%0lc59?n3-9uN%Mw6=NIc+0RQKPmPQ6q=#YkWlViZ@>}i z-VgiCdz3jcH5H#8)pd%h@NFlK8y)g)u;)AU?B~WhzlD<8KP)e?7x~2pUa2dps?-H{ z<@rhlISPw=@uW%o* z1XMUZZHqo#qSx$t>BTucHdaau{e9+r0~RUAEe-ZP--mZekuNk^3`!x+nv6VM_gb>( zuIL8i;ChVKTQXp|kvVe`SM;Gj-)CKFWnSKUfPn*E?!*pj@`7Ddhd)TZ(jD6SWz_#Y z6wxQR{BeBMDYBWcR?;R))I}}oTNBNVTMWF)u(o-V@c56>y`MiUx24zXGP zRKvrR4C!H5sFhW`ZT3lTY+IbIrRj7~C+^jL%9}WUY2sj4mBn7r>Ty%G?I8=>-i~Ps z71|3vt*D7#_CbNyie7Aa-y4Jyf0~Q(7=cZ2POG8}>n!4{?EOxTGU-?e0@fXhkBhKo z^;Hg%l>`w@Et9epm228-BA5!tuO%ND)lNM_=bwjM^WUf@01%(M->p{)a9dWiY=Zq* z-IP{fD{aDNbm*syb|UG#)o2H;HR!cn?S@KtY}7zmrYjS%n(HTl``HwqzUrIQB%D%Q z)N}jF)VJ-2;|87k_zKM?yRF@QEl5`0a7Q$hDweG*DCV!yuQr_I=L<(fg*&~Q8nYPX zE3i29&Nl8|0S@KNNTa~QfmZ$Q-sDKRZQ|f8od1_&zA(dQU~hA)T$S9MuaMeL^Sz?3 zuQ+cOu0G1#8}#t-mGnPh+Z>E75m|Y1Hv7!2;<2+s3U14e0x5dLd0+4u1O2!n?XnF* zHaN@azRmN2aWuG6P9Su{e)JkN)Ozi{bk=}UG&14N&6(;VnlQM>jr>djiNjecsImS& zI$Jj%p(>0tRktyCB{V3$MS|k2J9ASAu#eTL8 zg18jlf11b`S_1f;)gf+8%AIYL-)a;WO$r#O$a|cQxuE6bCI`3GU6l9kQV1(7uJDt{ zLNU40G4o7$N{nlt6{^~i4UMEumrlVVO|sIbmA`|<%&s=oB1Acig29);c(!cv$jdl`SI9zLNs z4A2KXm0(8rWbFl0$47+6j|1(zMTz5`R6(o z(%6+=!BMLABy2kfl1-b?qyL2n*U{&1-5ooMva z_ujwM8+tSjhmd9j2oTTcUv_tQ2l^mXmA*b++t^s)weLSV1mcoT#vtHT4-3sz-e7d& zBZ&R##$+AiTK7Hw)`Ulax%0e%o|e7o^ryx*>LM4LPon4%#?`K9m_|AgPR{ES9@jW`6;D#P^XqSk%-Nh;84 z2-V+q4PbBgtLY=i)a0a_^l+ag!O46&@&s2U+=L6RIxS^aMU4mcp_*p-0)~qXcTpim z-_Z*|pDnj!bkHgATHhP5l16WAe!y$S6q=wreoFCPuMc=PfC`AJC|)ca!Rg{kLWl;+ z;b(;6KuqM1^*KBoB!A_$ZHWka-7m##m*@-fXPg59xOyQLSqMW{F`r%{ZL9f*=_ zaBrV%oygp8lANzyFK{o}o^Lj@zZF$^^V~Zu4AUh$eVT-5&Nyz9qkPYJ z-tNOnzUr-MqO7|XHrm2u15*}AeOox%qL+q z0E0jeOOwjRkwF|;%GV#aUNl8I+zfK4|5lSQD&LU(b!5gfcR5N4Vh{dhJMlPi+nn`z z@7}Q2HDLGSy1(2?Z0Z;@aHeW}e%zi=DRmGPA$cZw7JH!7?P5879t=G;az1UDd>hGl z{8Ma3e=3kjG~lcr^gd1^z)wH9*B}s-D9IML*hXi`TNXX(p&?vj@6AGqNNLx!Of~~1 zYG%tQFM!p!Q}$QX)p1TkMbxS**?fgtALay@Xg8g##Q}16Yib`p2b4ouZC~h%*(A`- zbS9F?OxFhMv{aBg{7GeOUJ1P?ZAo%tI6yhSER`NtkdeiIjr67mQnD^zF?sNqw%Djh zEZ?cN%4F_j*d@PhG>UkA@SaIqAJ@ziy3t8Nq7e88wv{{RU1>^J^iWYWfF%6(tTjOB zDy2~Gz3o1-2Y4NeLAT4IJXfljhDN?Dx}+#Lm+&YAWM6|micH~7xmHljLz7R6e@!6~ zr&BPEwZ~nOc<>Kgeg&w!@YGb&diNlwR$=o}79kZ*9Z*8mXZZAU{Xt zP+sHnx&vPUf9z!1+A-&em-+M3#)F1UdhN44)pIRyBr3hvHH$b!>7)RL7XX3WR zH1_L~-xBBttU#EwbCmF})|gJpCqUmr*UPhp=u7jv^1{t11$@dq`G7t7ro2R7EUP){PQN&gS&@_2mGbviTrFp9Cr!pxIj`?c`?osbJ|J-tsCFj8Ks zcSiACTiW*Jd(-@;PlS(EgpDNub>MAsJ0Mt;&4NYR%a$2x1{XT% z(2KqTdp>HKw!>X(y;K&DzY_6qXw@wkIZp(97lMTPxye<4YS*2nT?_X@Tr=;SNxqTi z%+>bRo)S3PtmQDq*CMt=PiQs%=FZjMmt@_Nbr$U%G@tHH~`D6F#+>~|N9r~*i0D2F~< zn-|uvb=L>zpnarjCY4Fvc$awT!(vaP148G#$j1pv~dzi4_1y!sfDPWrnG2Knaq_d*ahZ>RgJ)%Y9~YXJ?V&rK*0 zXs6AohRy`u3?RkJ=@>1u1Y#jpZXogAx3=@*FxCd=%hj5CZW5wd9uge_-DEMZYykfj z2ROQ?nn16OzUG@qdZkYxm`bGszdHzJf%sb!U5_nyfX*8~dB_G^^ERQ|5JhTg1jRxNStDshwprb3ep2FpJxdIG}FIccHTdAn2 zv^YbBLpv=>X!!=(Ou8O?)HJIqKteGiMNS!R4Ti~{o z!5|>5j&8wO#|aY4U-hAk>g{Yk`jpci;a@W4C#4OXDRS!cmu@!j*)m=7(cx zFG-qh)b~v@#aM%%_K&o1Ssl4{%ZAQF;`@r)LreKd(6k@~is zuLO+WA4Kgv^Vs*EjG;HFPk%^ZG%J?dd3@~yk5A7Ktbe%K%txo)o2Hg^(t0Rxb~M`AN(&9#{N{NP)5Jy0d%wBO#B)yJm6~AkXd+b6A25SOrHVL~=V} zoe)~Vz->IVPVkppr<=l8c2dMHEy@03o0>6#=QDC;=3ZUQ7r`2`$1E1OY+dN{xVsz@R74({RN)ko%F#h)}mXx%W7AG7dK8Xh4N!>n8|^G};oYRYS!Z))o2H z7a9v5IUH82+||;EI4D`kN3%KU06Ee#x8jtdJ>^W4FydXb*B-bWxbsc_w7GTGO$^%B zO7FDv58~%-tCV&26%FxLKw6ani{uzveLfpA89e<&Fei8}Gnc*OevA57&}PFEDc>vA zRdF{4EpWWn5(-B&lgmHcjK?ifKJ6~f+YOiZd4KRU)?Ah=h11|0X=0Af!a|8%+1AZ_ zOZm67CD(J(tQh7S%#y+KH_sdI4o23+T>Mq0Uen&;)xwBT*S>>2<0&EIHHmT%6_BTD z==vRFkw(ny>WG;$MZNS}FRhqVP0w_y;y%dSW3cl9#oAR@c;d7sDs1LMEDXC~(z1nX z*=lTIHOibZK}r9d6P}c8$A|a@%xEIlqV1j@YM&~nSMeMnuk$NRhR%6YpTD%>#bExDXeg6QaAJQU8T9Y7MLSe> z2HpiuOtizzaXp0fdPdTWVnA`+2eG`SA)fF_Ko3@-;WyXGU{v^nwpfDpL9HKV20sly zMJJt);0rp23Tant?u|AkR%>LriEQ3?tQm|<<`+@r#Z^PIMpfz2l}K7adZjJ>m4!g> zhjemH2e|-nQ5%E^E(uwHlD<^CYAT~BGYi$-u}FKkR=60Y-o0dJS*uJ#zc=ViSC}kU z(|)R?uvC%phs*Ofua6o~q7@V$*od0Z44;WO*4KWs5CtW3yNm=w0Fha_pZAe5l#Osh4%LK147~%Z=hZI zspw6RKOWOH%GEx4I>51@7~vT;xvGrOI?!I#xc9603vKK?G9aL3)YY@szb8HYj$y4l z6P`>yV>2La-GGi2y#ZyU(XXmK6KRzfaJ$Ky1yoyqvGwx|P<8qt7lp?aOU)n=^^#&Y z5QoSl2R7AV%b2iI0QT0#qveeqFSE5tn@@7gP_GVRElu6FrK|z|{du29X0*|dmfjJKMoKXBb(QSMW{v+&VGUJQ&oz+p6o6rYL`KS&gdG1u8d3S>uD zzFjFXFsSKxNH<%yjT~06if$#?{9iX1jnV_ooot#`}{i&4!7^@MnQew~F ze{eb$9w1Y3;VwIsd?01D9c;So#Y&d4tXCGlV_VU-lFr2ek_y=enb_^o7IPGktd*2G zR}gUVfJGcD#A_&Uje!X0M^dma;6$mcO+_q|FfVu@|0J zanA}+p%MIvcL7k{{q-1$6ybtYsgmFt*1Y(Y#8I%_S87}J0XfQPXa5*6KW7eCSV?F) zNMp~HbRg-OvdP2Y1lP~g!}byFsSBWMmw|@3Q)uX2C;bB{%5J8KO;v!WvuHB5by^Ja z3Vn#I$D@r3qmQcfFXiqo3PJzgi3`MMR5 zm%}Ji+vQU!_e@ntFFv)Zr~NTKd~HArH#$IDG?h;~yZE^BrNSV^z`B|}@S5jAegJj6 zW9iFdQy$2VBW zoefb`CmbB~)5^F2p5qXlO?l?Rp*@=`?a-o?_%D~uA2O^v`Q`FoWWFqcc_&egwJC1( z@G^n1jDy%{jR(%Y`-LG&m?-D_t=GHnaAG1kdPd8J%Zn@iFL}4rK3*;Nwpg+*Q^nuO zw?6=RUk0MxgVM3q_5KSfNE}b7_FLW92QyxD|BA%7X2G@NB>4i_f&d5UZf?l?rr*I> z;7)}PcchjgDzmo7YSDYnn!C9A2lwm)ZhIu8<_%)g%$+LituAWFyHEfVZa8Zl zW$B#rNrq{>i&~jjezbw!TStS)aFHuh4s#?E3Ct@FN*ThjLpOv@J3}tZayaz=XNn~9 zMx>ua*w%;~>|TTPVs|^a@)3J^a;$+_Rn{{!y0*{R)3skgq0)$1mSIF6FYj`d1(Tlw zr??`#j`huCtYy7ioiB|2_?(*~AU3xwWcIhLq!xxTxzO(Q!PjtdCh(CrUK5VP@v4h@v=W zJwz&xaE(HF*=^>(#WgAgtv~HURH{=Dve;--`nDD3@ui^(nq7+$Ql-M)-k!3NuOS84 z_tM}K+YX*UefD!F5AQoh{*2K3A>^)?^X_4A&rs>8>R`urEpAc{lN4BIO&?;f6c&|0 z<01t^GE2PF+g(C#CJ^dtWVC-XN7c$&QXX0oMZVk_>!9rg-gVpnarhp8qT%|=YN^eB zaSMAa#;~DU@RY40#Z#(vVLK1RyJrWXC}ak40N3Qia)Mb32kMLuf4PNOjf?cKNuRM` z!l?t^A5%{sW$6>7mc+qwb%EOf3EUpYg`9UAtJujlY81}PL9yzCfAGQ@EH}&(blM8i z4D&}zo)|r9gMAv}nAe53@z8x*q1stes2*H+1-tSP=9%?th0cB~PCg5L9o3v;KAoo{ z3SV%NwGb^hHzEXyz()IMjaP<;UWl3iP|+a@%6Ofh7>KaRxR&OwCwtiMJndg!F#cw^ zIWN7~-rl6$-NR>0Syz*TcE!6 z!k6p9C(~SVS#x=t6=I=V(S(~|-5LJfmD&q3LbGqaMgq)3X^gwK#hUWcPmW)^Royzc zxo|su6i5pLLshEf$;xbFYfIFULQOpURA~)d5t?-rsNkSrnmmM1IM|#x2r*!BHeGRV zZGnknqWvhwW2H%U*G?!`)nA`KlME|+XOpNW>(F`sU-zc|aW2>fzS?MWpnt(Ptm|vB zodaPu_<(ld3B%$NR6n**KgYMb(74SMa@gs{$+%P8fCusC;K%YyI$M1;NROmyiN&Hd@T-z# z)a*38MmOX~qb{Y50UW~TxfI0I#HZ14hNxi7oF^F5DL5UJG;{Doa~L?Z(9QbBq9L>! z9lOOuqs@QL#LWcMuJ0e6#Nx}+)j=oPP6;r&@Y$kCe>xsDvAqc_lcC1f@y5$jJ$M#- z7S&{rTJm+7z=miZ2F+Ue6S+o4*#0Za`r*J4QMx76v5op?`=>zE2d5+_Gd+!Tg)ZVAmh*&T|yQ$rB$Lm20jS)J;?6j=KFmB`09q;k7a zH7%pO#8>1J$vdtXN{DxyAmp``&=FI@`Tji_0$ZHcup-kzbv`h49jlAYs<2kTTuIVm zQ1_#BTF2P*!>4(Iwm*(mT!%-hvd8_iHT#7(wGgI{+^*yvQHa)^sMEQMwJF7@#$m_& z2i{<-H}o3a^`1}*;coRoJsAh%k9`E_&h;@#Wh-^W?#8>_G-#)#En0U`bSID zgQE6Pu2|V1rwX0zSPYv;Co-H)M4kZN?Ds@N_$EsZzxHd}Y+*3R*qhpc_bj)Cn=FhB zh0Jj$P^8~bypwj`dG)<2M#m=xtgmmGw>NMmC&AqcwsK-YC<5__n(ZA3-|l|Ffn>p{ z30^CpmrcG1%zaP!PBJW#fa)vwWv4xgyK_Xct;$m7}IIM=VYSB zNMclH|4P80w3t1?$kce^%?18LusA{$yO#q+rA37MFb)tr-8cHT3jx|2Fvb7V#ZSdO z4jdLAKmY>AYXX45iO*YF*n)R&u}0hhwo_2KQ;jCBf~&5)xlhP)-dyTW5V>3i0QhR= z(u1Qb06D`mw1|&>J~6?#9Q=643oN^VikgLjbw*&92|YTjy?qt$EOyU4e%b}r1u@b$zgBVe{^S1ukv$z} literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index 9f65ae6e85..d7431c8085 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -20,29 +20,30 @@ ms.collection: - m365solution-overview ms.topic: conceptual ms.custom: migrationguides -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee to Microsoft Defender for Endpoint -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide. -If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide to plan your migration. +:::image type="content" source="images/mcafee-mde-migration.png" alt-text="Overview of migrating from McAfee to Defender for Endpoint"::: + +During migration, you begin with McAfee in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, set Microsoft Defender Antivirus to active mode, and remove McAfee. ## The migration process -When you switch from McAfee to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases, as described in the following table: +When you switch from McAfee to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases: Prepare, Setup, and Onboard. ![Migration phases - prepare setup onboard](images/phase-diagrams/migration-phases.png) - |Phase |Description | |--|--| -|[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During [the **Prepare** phase](mcafee-to-microsoft-defender-prepare.md), you update your organization's devices, get Microsoft Defender for Endpoint, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender for Endpoint. | -|[Set up Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-setup.md) |During [the **Setup** phase](mcafee-to-microsoft-defender-setup.md), you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender for Endpoint, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[Onboard to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-onboard.md) |During [the **Onboard** phase](mcafee-to-microsoft-defender-onboard.md), you onboard your devices to Microsoft Defender for Endpoint and verify that those devices are communicating with Microsoft Defender for Endpoint. Last, you uninstall McAfee and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender for Endpoint is in active mode. | +|[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the [**Prepare**](mcafee-to-microsoft-defender-prepare.md) phase, you update your organization's devices, get Microsoft Defender for Endpoint, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender for Endpoint. | +|[Set up Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-setup.md) |During the [**Setup**](mcafee-to-microsoft-defender-setup.md) phase, you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender for Endpoint, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[Onboard to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-onboard.md) |During the [**Onboard**](mcafee-to-microsoft-defender-onboard.md) phase, you onboard your devices to Microsoft Defender for Endpoint and verify that those devices are communicating with Microsoft Defender for Endpoint. Last, you uninstall McAfee and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender for Endpoint is in active mode. | ## What's included in Microsoft Defender for Endpoint? From ebf0945bbecb9bc54d968e94f4f08cf1be12716c Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 11 Feb 2021 15:38:51 -0800 Subject: [PATCH 43/69] add n ote --- .../deploy-a-windows-10-image-using-mdt.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 5c8972471b..4887149cd2 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -361,6 +361,9 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh ### Configure the rules +> [!NOTE] +> The following instructions assume the device is online. If you're offline you can remove SLShare variable. + On **MDT01**: 1. Right-click the **MDT Production** deployment share and select **Properties**. @@ -731,7 +734,7 @@ On **MDT01**: The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.) >[!TIP] ->In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. This means you must split the .wim file, which can be done using DISM:
 
Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800.
 
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
 
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated. +>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. You can place the image on a different drive (ex: E:\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.swm) and then modify E:\Deploy\Control\OperatingSystems.xml to point to it. Alternatively to keep using the USB you must split the .wim file, which can be done using DISM:
 
Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800.
 
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
 
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated. Follow these steps to create a bootable USB stick from the offline media content: From c666bb1ba0cb2cfc0a7d3d7a09540232610f13d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 15:43:59 -0800 Subject: [PATCH 44/69] migration guide updates --- .../mcafee-to-microsoft-defender-migration.md | 2 +- .../mcafee-to-microsoft-defender-onboard.md | 4 +--- .../mcafee-to-microsoft-defender-prepare.md | 5 +---- .../mcafee-to-microsoft-defender-setup.md | 5 +---- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 5 files changed, 5 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index d7431c8085..fda35b3de6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -31,7 +31,7 @@ If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microso :::image type="content" source="images/mcafee-mde-migration.png" alt-text="Overview of migrating from McAfee to Defender for Endpoint"::: -During migration, you begin with McAfee in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, set Microsoft Defender Antivirus to active mode, and remove McAfee. +When you make the switch from McAfee to Defender for Endpoint, you begin with your McAfee solution in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, and then set Defender for Endpoint to active mode and remove McAfee. ## The migration process diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index f703c93219..053a70a737 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -20,14 +20,12 @@ ms.collection: - m365solution-scenario ms.custom: migrationguides ms.topic: article -ms.date: 09/24/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 3: Onboard to Microsoft Defender for Endpoint -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |[![Phase 2: Set up](images/phase-diagrams/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |![Phase 3: Onboard](images/phase-diagrams/onboard.png)
Phase 3: Onboard | |--|--|--| || |*You are here!* | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 0965e2f8ef..a11af93ccf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -20,15 +20,12 @@ ms.collection: - m365solution-scenario ms.topic: article ms.custom: migrationguides -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 1: Prepare for your migration -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - |![Phase 1: Prepare](images/phase-diagrams/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | |--|--|--| |*You are here!*| | | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index a35f4d1943..78a654099e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -20,15 +20,12 @@ ms.collection: - m365solution-scenario ms.topic: article ms.custom: migrationguides -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 2: Set up Microsoft Defender for Endpoint -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | |--|--|--| ||*You are here!* | | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 7f20e3e024..8c859f4f40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,7 +19,7 @@ ms.collection: - m365solution-symantecmigrate - m365solution-overview ms.topic: conceptual -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.custom: migrationguides ms.reviewer: depicker, yongrhee, chriggs --- From c1f48269ffdee8568a9a65facbfe70211fa93eb2 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 11 Feb 2021 15:44:16 -0800 Subject: [PATCH 45/69] modify note --- windows/deployment/vda-subscription-activation.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index bc307dfc3a..4c302978f3 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -37,20 +37,23 @@ Deployment instructions are provided for the following scenarios: ## Activation ### Scenario 1 + - The VM is running Windows 10, version 1803 or later. - The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. ### Scenario 2 + - The Hyper-V host and the VM are both running Windows 10, version 1803 or later. [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. ### Scenario 3 + - The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner. - In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server on your corporate network can be used if you have configured a private connection, such as [ExpressRoute](https://azure.microsoft.com/services/expressroute/) or [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/). + In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](https://docs.microsoft.com/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems). For examples of activation issues, see [Troubleshoot the user experience](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses#troubleshoot-the-user-experience). From e698c55c932a6ca3e614f3cdcdf9aeeaf7ffe8a6 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 11 Feb 2021 15:48:57 -0800 Subject: [PATCH 46/69] resolve useless warnings --- .../deploy-a-windows-10-image-using-mdt.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 4887149cd2..9596f65bb1 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -147,7 +147,7 @@ On **MDT01**: 9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and click **Next**. 10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, click **Next** twice, and then click **Finish**. -![acroread](../images/acroread.png) +![acroread image](../images/acroread.png) The Adobe Reader application added to the Deployment Workbench. @@ -267,7 +267,7 @@ On **MDT01**: For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6. -![ThinkStation](../images/thinkstation.png) +![ThinkStation image](../images/thinkstation.png) To get the updates, download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can also download the drivers by searching PC Support on the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543). @@ -536,7 +536,7 @@ On **MDT01**: 1. Download MDOP 2015 and copy the DaRT 10 installer file to the D:\\Setup\\DaRT 10 folder on MDT01 (DaRT\\DaRT 10\\Installers\\\\\x64\\MSDaRT100.msi). 2. Install DaRT 10 (MSDaRT10.msi) using the default settings. - ![DaRT](../images/dart.png) + ![DaRT image](../images/dart.png) 2. Copy the two tools CAB files from **C:\\Program Files\\Microsoft DaRT\\v10** (**Toolsx86.cab** and **Toolsx64.cab**) to the production deployment share at **D:\\MDTProduction\\Tools\\x86** and **D:\\MDTProduction\\Tools\\x64**, respectively. 3. In the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**. @@ -607,13 +607,13 @@ On **HV01**: 2. Installs the added application. 3. Updates the operating system via your local Windows Server Update Services (WSUS) server. -![pc0005](../images/pc0005-vm.png) +![pc0005 image](../images/pc0005-vm.png) ### Application installation Following OS installation, Microsoft Office 365 Pro Plus - x64 is installed automatically. - ![pc0005](../images/pc0005-vm-office.png) + ![pc0005 image](../images/pc0005-vm-office.png) ### Use the MDT monitoring feature From acb91d093aea1a48a41d3ece6d9a2b3605394069 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 11 Feb 2021 15:53:25 -0800 Subject: [PATCH 47/69] fix typo --- windows/deployment/vda-subscription-activation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 4c302978f3..e7ec8ac329 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -32,7 +32,7 @@ Deployment instructions are provided for the following scenarios: - VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be generation 1. -- VMs must hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- VMs must be hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). ## Activation @@ -72,7 +72,7 @@ For examples of activation issues, see [Troubleshoot the user experience](https: 6. Follow the instructions to use sysprep at [Steps to generalize a VHD](https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again. 7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20. 8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). -9. Open Windows Configuration Designer and click **Provison desktop services**. +9. Open Windows Configuration Designer and click **Provision desktop services**. 10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step. 11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**. @@ -114,7 +114,7 @@ For Azure AD-joined VMs, follow the same instructions (above) as for [Active Dir 3. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**. 4. Click **Add**, type **Authenticated users**, and then click **OK** three times. 5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). -6. Open Windows Configuration Designer and click **Provison desktop services**. +6. Open Windows Configuration Designer and click **Provision desktop services**. 7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 8. 1. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. 2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**. From f851745efe1091314ea0ccbfe954634dd9ea82f7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 15:54:16 -0800 Subject: [PATCH 48/69] migration guide updates --- .../switch-to-microsoft-defender-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md index 1780f55497..801c19ac97 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md @@ -19,7 +19,7 @@ ms.collection: - m365solution-overview ms.topic: conceptual ms.custom: migrationguides -ms.date: 09/24/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho ms.technology: mde --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 8c859f4f40..9c5fa1bbb5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -25,11 +25,11 @@ ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec to Microsoft Defender for Endpoint +If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide. -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +:::image type="content" source="images/symantec-mde-migration.png" alt-text="Overview of migrating from Symantec to Defender for Endpoint"::: - -If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. +When you make the switch from Symantec to Defender for Endpoint, you begin with your Symantec solution in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, and then set Defender for Endpoint to active mode and remove Symantec. ## The migration process From db019c874a5e6e2026e3996e83012f5feda1998e Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 11 Feb 2021 15:55:18 -0800 Subject: [PATCH 49/69] resolve useless warning --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 9596f65bb1..2779d317f6 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -607,13 +607,13 @@ On **HV01**: 2. Installs the added application. 3. Updates the operating system via your local Windows Server Update Services (WSUS) server. -![pc0005 image](../images/pc0005-vm.png) +![pc0005 image1](../images/pc0005-vm.png) ### Application installation Following OS installation, Microsoft Office 365 Pro Plus - x64 is installed automatically. - ![pc0005 image](../images/pc0005-vm-office.png) + ![pc0005 image2](../images/pc0005-vm-office.png) ### Use the MDT monitoring feature From ef590ec59ae91997b1a5d8ea97218f0c46e6a8a1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 15:55:32 -0800 Subject: [PATCH 50/69] migration guide updates --- .../symantec-to-microsoft-defender-atp-onboard.md | 5 +---- .../symantec-to-microsoft-defender-atp-prepare.md | 5 +---- .../symantec-to-microsoft-defender-atp-setup.md | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 9ba924e18a..0dd5a3a140 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -18,16 +18,13 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article -ms.date: 09/24/2020 +ms.date: 02/11/2021 ms.custom: migrationguides ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 3: Onboard to Microsoft Defender for Endpoint -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/phase-diagrams/onboard.png)
Phase 3: Onboard | |--|--|--| || |*You are here!* | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index c94db15f09..f89c89cdf9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -18,16 +18,13 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.custom: migrationguides ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 1: Prepare for your migration -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - |![Phase 1: Prepare](images/phase-diagrams/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| |*You are here!*| | | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index c934d60427..daaff76020 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -18,16 +18,13 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article -ms.date: 11/30/2020 +ms.date: 02/11/2021 ms.custom: migrationguides ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 2: Set up Microsoft Defender for Endpoint -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| ||*You are here!* | | From c37fcd76e87f3eeb69a3cd0bd5867b54503462d6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 16:05:42 -0800 Subject: [PATCH 51/69] migration guide updates --- .../switch-to-microsoft-defender-migration.md | 6 +- .../switch-to-microsoft-defender-onboard.md | 6 +- .../switch-to-microsoft-defender-setup.md | 71 ++++++------------- 3 files changed, 28 insertions(+), 55 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md index 801c19ac97..9e6acab8df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md @@ -26,7 +26,11 @@ ms.technology: mde # Make the switch from a non-Microsoft endpoint solution to Microsoft Defender for Endpoint -If you are planning to switch from a non-Microsoft endpoint protection solution to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection), and you're looking for help, you're in the right place. Use this article as a guide to plan your migration. +If you are planning to switch from a non-Microsoft endpoint protection solution to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint), you're in the right place. Use this article as a guide. + +:::image type="content" source="images/nonms-mde-migration.png" alt-text="Overview of migrating to Defender for Endpoint"::: + +When you make the switch to Defender for Endpoint, you begin with your non-Microsoft solution in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, and then set Defender for Endpoint to active mode and remove the non-Microsoft solution. > [!TIP] > - If you're currently using McAfee Endpoint Security (McAfee), see [Migrate from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md index 2a3c2f472f..a035ccb910 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md @@ -19,7 +19,7 @@ ms.collection: - m365solution-migratetomdatp ms.custom: migrationguides ms.topic: article -ms.date: 09/24/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- @@ -40,11 +40,8 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho ## Onboard devices to Microsoft Defender for Endpoint 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. - 2. Choose **Settings** > **Device management** > **Onboarding**. - 3. In the **Select operating system to start onboarding process** list, select an operating system. - 4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods) (in this article). ### Onboarding methods @@ -63,7 +60,6 @@ Deployment methods vary, depending on which operating system is selected. Refer To verify that your onboarded devices are properly connected to Microsoft Defender for Endpoint, you can run a detection test. - |Operating system |Guidance | |---------|---------| |- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md index dfe5a93228..dd119855e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md @@ -19,7 +19,7 @@ ms.collection: - m365solution-migratetomdatp ms.topic: article ms.custom: migrationguides -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- @@ -55,17 +55,11 @@ This step of the migration process includes the following tasks: The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, if you do have `DisableAntiSpyware` configured, here's how to set its value to false: 1. On your Windows Server device, open Registry Editor. - 2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`. - 3. In that folder, look for a DWORD entry called **DisableAntiSpyware**. - - If you do not see that entry, you're all set. - - If you do see **DisableAntiSpyware**, proceed to step 4. - 4. Right-click the DisableAntiSpyware DWORD, and then choose **Modify**. - 5. Set the value to `0`. (This sets the registry key's value to *false*.) > [!TIP] @@ -80,25 +74,19 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d > - Windows Server 2016 1. As a local administrator on the endpoint or device, open Windows PowerShell. - -2. Run the following PowerShell cmdlets:
- +2. Run the following PowerShell cmdlets:
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
- `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
- > [!NOTE] > When using the DISM command within a task sequence running PS, the following path to cmd.exe is required. > Example:
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
- 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
- `Get-Service -Name windefend` > [!TIP] -> Need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). +> Need help? See [Microsoft Defender Antivirus on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). ### Set Microsoft Defender Antivirus to passive mode on Windows Server @@ -106,11 +94,8 @@ Because your organization is still using your existing endpoint protection solut 1. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. - 2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - - Set the DWORD's value to **1**. - - Under **Base**, select **Hexadecimal**. > [!NOTE] @@ -127,9 +112,9 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure.
If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| -|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | -|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.
2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
3. Select **Properties**, and then select **Configuration settings: Edit**.
4. Expand **Microsoft Defender Antivirus**.
5. Enable **Cloud-delivered protection**.
6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.
7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.
8. Select **Review + save**, and then choose **Save**.
**TIP**: For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.
2. Look for a policy called **Turn off Microsoft Defender Antivirus**.
3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | ### Confirm that Microsoft Defender Antivirus is in passive mode @@ -137,8 +122,8 @@ Microsoft Defender Antivirus can run alongside your existing endpoint protection |Method |What to do | |---------|---------| -|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | -|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.

3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**. | +|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
2. Type `sc query windefend`, and then press Enter.
3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | +|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**. | > [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. @@ -164,8 +149,8 @@ The specific exclusions to configure depend on which version of Windows your end |OS |Exclusions | |--|--| -|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add your existing solution to the exclusion list for Microsoft Defender Antivirus @@ -181,33 +166,27 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

7. Choose **Review + save**, and then choose **Save**. | -|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | -|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | -|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | -|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.
2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.
3. Under **Manage**, select **Properties**.
4. Select **Configuration settings: Edit**.
5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.
6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).
7. Choose **Review + save**, and then choose **Save**. | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.
2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.
5. Click **OK**.
6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.
7. Click **OK**. | +|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.
2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
3. Specify your path and process exclusions. | +|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.
2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | ## Add your existing solution to the exclusion list for Microsoft Defender for Endpoint To add exclusions to Microsoft Defender for Endpoint, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. - 2. In the navigation pane, choose **Settings** > **Rules** > **Indicators**. - 3. On the **File hashes** tab, choose **Add indicator**. - -3. On the **Indicator** tab, specify the following settings: +4. On the **Indicator** tab, specify the following settings: - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.) - Under **Expires on (UTC)**, choose **Never**. - -4. On the **Action** tab, specify the following settings: +5. On the **Action** tab, specify the following settings: - **Response Action**: **Allow** - Title and description - -5. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. - -6. On the **Summary** tab, review the settings, and then click **Save**. +6. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. +7. On the **Summary** tab, review the settings, and then click **Save**. ### Find a file hash using CMPivot @@ -216,17 +195,11 @@ CMPivot is an in-console utility for Configuration Manager. CMPivot provides acc To use CMPivot to get your file hash, follow these steps: 1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). - 2. [Start CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot). - 3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`). - 4. Select the **Query** tab. - 5. In the **Device Collection** list, and choose **All Systems (default)**. - 6. In the query box, type the following query:
- ```kusto File(c:\\windows\\notepad.exe) | project Hash @@ -239,9 +212,9 @@ To use CMPivot to get your file hash, follow these steps: | Collection type | What to do | |--|--| -|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | -|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | -|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | +|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.
Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.
Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.
3. Choose **+ Add device group**.
4. Specify a name and description for the device group.
5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).
6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).
7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.
8. Choose **Done**. | +|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.
Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | +|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.
Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | ## Configure antimalware policies and real-time protection From d2c1149d25e73b797befdd5f3e9b7e97246858b8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 16:06:51 -0800 Subject: [PATCH 52/69] Update switch-to-microsoft-defender-prepare.md --- .../switch-to-microsoft-defender-prepare.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md index ab451608fc..f014d6735b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md @@ -19,7 +19,7 @@ ms.collection: - m365solution-migratetomdatp ms.topic: article ms.custom: migrationguides -ms.date: 09/22/2020 +ms.date: 02/11/2021 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- @@ -65,11 +65,8 @@ Need help updating your organization's devices? See the following resources: Now that you've updated your organization's devices, the next step is to get Microsoft Defender for Endpoint, assign licenses, and make sure the service is provisioned. 1. Buy or try Microsoft Defender for Endpoint today. [Start a free trial or request a quote](https://aka.ms/mdatp). - 2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - 3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - 4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). @@ -84,14 +81,11 @@ The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - 2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - If your organization requires a method other than Intune, choose one of the following options: - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - 3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)). ## Configure device proxy and internet connectivity settings From 55350263e366d8e735856dae0dbc74163e09bfc9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 16:09:44 -0800 Subject: [PATCH 53/69] migration guide updates --- .../switch-to-microsoft-defender-setup.md | 3 +-- .../symantec-to-microsoft-defender-atp-onboard.md | 13 +++---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md index dd119855e3..1c9d5914a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md @@ -200,6 +200,7 @@ To use CMPivot to get your file hash, follow these steps: 4. Select the **Query** tab. 5. In the **Device Collection** list, and choose **All Systems (default)**. 6. In the query box, type the following query:
+ ```kusto File(c:\\windows\\notepad.exe) | project Hash @@ -219,9 +220,7 @@ To use CMPivot to get your file hash, follow these steps: ## Configure antimalware policies and real-time protection Using Configuration Manager and your device collection(s), configure your antimalware policies. - - See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). - - While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). > [!TIP] diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 0dd5a3a140..0a2b297d72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -40,11 +40,8 @@ ms.reviewer: depicker, yongrhee, chriggs ## Onboard devices to Microsoft Defender for Endpoint 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. - 2. Choose **Settings** > **Device management** > **Onboarding**. - 3. In the **Select operating system to start onboarding process** list, select an operating system. - 4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods) (in this article). ### Onboarding methods @@ -63,7 +60,6 @@ Deployment methods vary, depending on which operating system is selected. Refer To verify that your onboarded devices are properly connected to Microsoft Defender for Endpoint, you can run a detection test. - |Operating system |Guidance | |---------|---------| |- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | @@ -75,12 +71,11 @@ To verify that your onboarded devices are properly connected to Microsoft Defend Now that you have onboarded your organization's devices to Microsoft Defender for Endpoint, your next step is to uninstall Symantec. 1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. - -2. Delete the uninstall password for Symantec: +2. Delete the uninstall password for Symantec:
1. On your Windows devices, open Registry Editor as an administrator. 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. - 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. - + 3. Look for an entry named **SmcInstData**. + 4. Right-click the item, and then choose **Delete**. 3. Remove Symantec from your devices. If you need help with this, see Broadcom's documentation. Here are a few Broadcom resources: - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) @@ -99,7 +94,5 @@ To do this, visit the Microsoft Defender for Endpoint demo scenarios site ([http ## Next steps **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - - [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). - - [Manage Microsoft Defender for Endpoint, post migration](manage-atp-post-migration.md). From 361766e55b3b0e19cc16b92a4de70e94a7385cf4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 16:11:14 -0800 Subject: [PATCH 54/69] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index f89c89cdf9..2b72584931 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -42,11 +42,8 @@ This migration phase includes the following steps: To get started, you must have Microsoft Defender for Endpoint, with licenses assigned and provisioned. 1. Buy or try Microsoft Defender for Endpoint today. [Visit Microsoft Defender for Endpoint to start a free trial or request a quote](https://aka.ms/mdatp). - 2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - 3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - 4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). @@ -61,14 +58,11 @@ The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - -2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - - If your organization requires a method other than Intune, choose one of the following options: +2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control).
+ If your organization requires a method other than Intune, choose one of the following options: - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - 3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)). ## Configure device proxy and internet connectivity settings @@ -87,5 +81,4 @@ To enable communication between your devices and Microsoft Defender for Endpoint ## Next step **Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - - [Proceed to set up Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-setup.md). From 50ed609ae5434bec0dbd2e016da7ed4371d35723 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Feb 2021 16:14:25 -0800 Subject: [PATCH 55/69] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 58 ++++++------------- 1 file changed, 19 insertions(+), 39 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index daaff76020..9224748cb5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -60,9 +60,7 @@ Now that you're moving from Symantec to Microsoft Defender for Endpoint, you'll > Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, proceed to [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 1. As a local administrator on the endpoint or device, open Windows PowerShell. - 2. Run the following PowerShell cmdlets: - `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` @@ -71,7 +69,6 @@ Now that you're moving from Symantec to Microsoft Defender for Endpoint, you'll > Example:
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
- 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
`Get-Service -Name windefend` @@ -84,7 +81,6 @@ Because your organization is still using Symantec, you must set Microsoft Defend 1. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. - 2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - Set the DWORD's value to **1**. - Under **Base**, select **Hexadecimal**. @@ -103,9 +99,9 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| -|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | -|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.
2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
3. Select **Properties**, and then select **Configuration settings: Edit**.
4. Expand **Microsoft Defender Antivirus**.
5. Enable **Cloud-delivered protection**.
6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.
7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.
8. Select **Review + save**, and then choose **Save**.
For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.
2. Look for a policy called **Turn off Microsoft Defender Antivirus**.
3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | ### Verify that Microsoft Defender Antivirus is in passive mode @@ -113,8 +109,8 @@ Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def |Method |What to do | |---------|---------| -|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | -|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.

3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.| +|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
2. Type `sc query windefend`, and then press Enter.
3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | +|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.| > [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. @@ -135,8 +131,8 @@ This step of the setup process involves adding Microsoft Defender for Endpoint t |OS |Exclusions | |--|--| -|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to the exclusion list for Microsoft Defender Antivirus @@ -155,35 +151,27 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

7. Choose **Review + save**, and then choose **Save**. | -|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | -|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | -|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | -|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.
2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.
3. Under **Manage**, select **Properties**.
4. Select **Configuration settings: Edit**.
5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.
6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).
7. Choose **Review + save**, and then choose **Save**. | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.
2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.
5. Click **OK**.
6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.
7. Click **OK**. | +|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.
2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
3. Specify your path and process exclusions. | +|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.
2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | ## Add Symantec to the exclusion list for Microsoft Defender for Endpoint To add exclusions to Microsoft Defender for Endpoint, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. - 2. In the navigation pane, choose **Settings** > **Rules** > **Indicators**. - 3. On the **File hashes** tab, choose **Add indicator**. - -3. On the **Indicator** tab, specify the following settings: - +4. On the **Indicator** tab, specify the following settings: - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.) - Under **Expires on (UTC)**, choose **Never**. - -4. On the **Action** tab, specify the following settings: - +5. On the **Action** tab, specify the following settings: - **Response Action**: **Allow** - Title and description - -5. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. - -6. On the **Summary** tab, review the settings, and then click **Save**. +6. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. +7. On the **Summary** tab, review the settings, and then click **Save**. ### Find a file hash using CMPivot @@ -192,17 +180,11 @@ CMPivot is an in-console utility for Configuration Manager. CMPivot provides acc To use CMPivot to get your file hash, follow these steps: 1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). - 2. [Start CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot). - 3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`). - 4. Select the **Query** tab. - 5. In the **Device Collection** list, and choose **All Systems (default)**. - 6. In the query box, type the following query:
- ```kusto File(c:\\windows\\notepad.exe) | project Hash @@ -216,16 +198,15 @@ To use CMPivot to get your file hash, follow these steps: | Collection type | What to do | |--|--| -|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | -|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | -|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | +|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.
Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.
Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.
3. Choose **+ Add device group**.
4. Specify a name and description for the device group.
5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).
6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).
7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.
8. Choose **Done**. | +|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.
Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | +|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.
Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | ## Configure antimalware policies and real-time protection Using Configuration Manager and your device collection(s), configure your antimalware policies. - See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). - - While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). > [!TIP] @@ -234,5 +215,4 @@ Using Configuration Manager and your device collection(s), configure your antima ## Next step **Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - - [Proceed to Phase 3: Onboard to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-onboard.md) From c7ff98bb5bda31ba73a19309b2d747824679e5a7 Mon Sep 17 00:00:00 2001 From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com> Date: Thu, 11 Feb 2021 16:36:03 -0800 Subject: [PATCH 56/69] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...age-updates-baselines-microsoft-defender-antivirus.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 0d5c3a2ccf..c478633932 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -78,11 +78,11 @@ All our updates contain

- January-2021 (Platform: 4.18.2101.8 | Engine: 1.1.17800.5) + January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)  Security intelligence update version: **1.327.1854.0**  Released: **February 2, 2021** - Platform: **4.18.2101.8** + Platform: **4.18.2101.9**  Engine: **1.1.17800.5**  Support phase: **Security and Critical Updates** @@ -146,7 +146,7 @@ After a new package version is released, support for the previous two versions i  Released: **October 01, 2020**  Platform: **4.18.2009.7**  Engine: **1.1.17500.4** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade support (only)** ### What's new @@ -172,7 +172,8 @@ No known issues  Released: **August 27, 2020**  Platform: **4.18.2008.9**  Engine: **1.1.17400.5** - + Support phase: **Technical upgrade support (only)** + ### What's new - Add more telemetry events From 8254cba57c8f64783ab0185beb48650a02cc0724 Mon Sep 17 00:00:00 2001 From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com> Date: Thu, 11 Feb 2021 17:29:28 -0800 Subject: [PATCH 57/69] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 0d5c3a2ccf..b275ad0afe 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -93,6 +93,7 @@ All our updates contain - Increased visibility for credential stealing attempts - Improvements in antitampering features in Microsoft Defender Antivirus services - Improved support for ARM x64 emulation +- Fix: EDR Block notification remains in threat history after real-time protection performed initial detection ### Known Issues No known issues From 6826cb93c73d81139e7070b4b040cf9f354efa03 Mon Sep 17 00:00:00 2001 From: Rasmus W Date: Fri, 12 Feb 2021 15:44:10 +0100 Subject: [PATCH 58/69] typo fix --- windows/deployment/update/windows-update-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index ed776f86d0..37dcc627f0 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -31,7 +31,7 @@ The following table describes the log files created by Windows Update. To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru). >[!NOTE] ->When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again. +>When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run **Get-WindowsUpdateLog** again. ### Windows Update log components The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file: From 7c1a6c441612a0db8bfcbc90858af3527a533966 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 12 Feb 2021 08:57:19 -0800 Subject: [PATCH 59/69] add downlevel --- .../configure-endpoints-vdi.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index d0ec840095..bd29f01bd5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -26,6 +26,7 @@ ms.technology: mde **Applies to:** - Virtual desktop infrastructure (VDI) devices +- Windows 10, Windows Server 2019, Windows Server 2008R2/2012R2/2016 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink) @@ -58,6 +59,9 @@ The following steps will guide you through onboarding VDI devices and will highl >[!WARNING] > For environments where there are low resource configurations, the VDI boot procedure might slow the Defender for Endpoint sensor onboarding. + +### For Windows 10 or Windows Server 2019 + 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): 1. In the navigation pane, select **Settings** > **Onboarding**. @@ -108,6 +112,14 @@ The following steps will guide you through onboarding VDI devices and will highl 7. Use the search function by entering the device name and select **Device** as search type. + +## For downlevel SKUs +1. Set registry value 'HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging|VDI’ to “NonPersistent' + +2. Follow the [server onboarding process](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016). + + + ## Updating non-persistent virtual desktop infrastructure (VDI) images As a best practice, we recommend using offline servicing tools to patch golden/master images.
For example, you can use the below commands to install an update while the image remains offline: From 9e23f669340d0cc49b1d33ed1d89676e813e28d0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Feb 2021 23:27:17 +0530 Subject: [PATCH 60/69] typo correction removed 365 as per user report #9135 , so i removed 365 --- windows/security/includes/microsoft-defender.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index f11b229d47..8049d8cf32 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -11,4 +11,4 @@ ms.topic: include --- > [!IMPORTANT] -> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office, 365 Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences. +> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences. From bd7e1787cd1cefffa1c492d92f7c3b4a1f69f90c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Feb 2021 09:58:10 -0800 Subject: [PATCH 61/69] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index b275ad0afe..e7914f36f3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: dansimp -ms.date: 02/04/2021 +ms.date: 02/12/2021 ms.technology: mde --- From 072b9f9cbe39b736fa06599333f3075dd4b7197d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Feb 2021 09:59:07 -0800 Subject: [PATCH 62/69] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index c478633932..a3de941a1b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: dansimp -ms.date: 02/04/2021 +ms.date: 02/12/2021 ms.technology: mde --- From 9965f26ba27a9d39c725d4598e0a2c3f76ab6608 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Feb 2021 10:00:14 -0800 Subject: [PATCH 63/69] Update microsoft-defender.md --- windows/security/includes/microsoft-defender.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index 8049d8cf32..0cf05d9d0d 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -11,4 +11,4 @@ ms.topic: include --- > [!IMPORTANT] -> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences. +> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences. From f3d5bf6a093cb41ca576e09430d68ebfc733ba97 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 12 Feb 2021 10:49:54 -0800 Subject: [PATCH 64/69] removed AllowCortanaInAAD since this never shipped --- .../mdm/policy-csp-search.md | 30 +------------------ 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 5fe588c782..b3290f82dc 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.date: 02/12/2021 ms.reviewer: manager: dansimp --- @@ -25,9 +25,6 @@ manager: dansimp -
- Search/AllowCortanaInAAD -
Search/AllowFindMyFiles
@@ -137,7 +134,6 @@ The following list shows the supported values:
-**Search/AllowCortanaInAAD** @@ -178,30 +174,6 @@ The following list shows the supported values:
- - -Added in Windows 10, version 1803. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow.. - - - -ADMX Info: -- GP English name: *Allow Cortana Page in OOBE on an AAD account* -- GP name: *AllowCortanaInAAD* -- GP path: *Windows Components/Search* -- GP ADMX file name: *Search.admx* - - - -The following list shows the supported values: - -- 0 (default) - Not allowed. The Cortana consent page will not appear in AAD OOBE during setup. -- 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. - - - - -
- **Search/AllowFindMyFiles** From c6a7fdc94347e928d2bc170ee13bae6b8103e64d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 12 Feb 2021 11:06:39 -0800 Subject: [PATCH 65/69] remove links --- .../mdm/policies-in-policy-csp-supported-by-group-policy.md | 1 - .../mdm/policy-configuration-service-provider.md | 3 --- 2 files changed, 4 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 09c680512c..82ebb94a80 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -731,7 +731,6 @@ ms.date: 07/18/2019 - [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells) - [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) - [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch) -- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad) - [Search/AllowFindMyFiles](./policy-csp-search.md#search-allowfindmyfiles) - [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems) - [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 8bfdfd90cc..70fdf7d6d4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7571,9 +7571,6 @@ The following diagram shows the Policy configuration service provider in tree fo
Search/AllowCloudSearch
-
- Search/AllowCortanaInAAD -
Search/AllowFindMyFiles
From 56afa35c84819a37c5320132ca010f5171966371 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 12 Feb 2021 11:30:02 -0800 Subject: [PATCH 66/69] Update docfx.json Update "hideEdit" to false --- windows/configuration/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 7b6e54aa9f..0a784d5c01 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -37,7 +37,7 @@ "audience": "ITPro", "ms.topic": "article", "feedback_system": "None", - "hideEdit": true, + "hideEdit": false, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-configuration", From 15a1ee08400daa22451d72946e538a2d767f2923 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 12 Feb 2021 12:48:08 -0800 Subject: [PATCH 67/69] portal set tags --- .../microsoft-defender-atp/machine-tags.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md index 8b7dd420b1..b79bf95813 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md @@ -54,10 +54,16 @@ To add device tags using API, see [Add or remove device tags API](add-or-remove- ![Image of adding tags on a device](images/new-tags.png) +>[!NOTE] +> Fl + + + Tags are added to the device view and will also be reflected on the **Devices list** view. You can then use the **Tags** filter to see the relevant list of devices. >[!NOTE] -> Filtering might not work on tag names that contain parenthesis. +> Filtering might not work on tag names that contain parenthesis.
+> Filtering will only find portal set tags. You can also delete tags from this view. From e8a4ec4483af95377184621a6faa3cc8aec933b8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 12 Feb 2021 12:48:32 -0800 Subject: [PATCH 68/69] edit --- .../threat-protection/microsoft-defender-atp/machine-tags.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md index b79bf95813..241f41e85d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md @@ -54,11 +54,6 @@ To add device tags using API, see [Add or remove device tags API](add-or-remove- ![Image of adding tags on a device](images/new-tags.png) ->[!NOTE] -> Fl - - - Tags are added to the device view and will also be reflected on the **Devices list** view. You can then use the **Tags** filter to see the relevant list of devices. >[!NOTE] From 5083d2af954b0c60b8fd02492c7c187e114e3f14 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 12 Feb 2021 13:28:12 -0800 Subject: [PATCH 69/69] Update .acrolinx-config.edn --- .acrolinx-config.edn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index ca2b15930d..82c001e81f 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -11,7 +11,7 @@ } :scores { ;;:terminology 100 - :qualityscore 65 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place + :qualityscore 80 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place ;;:spelling 40 } }
Search/AllowCloudSearch