From f7d9f560f4850071180dbf979c9fc3b70884532a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 22 Jun 2021 14:42:40 -0700 Subject: [PATCH 1/9] Added the NTSATUS section --- .../event-tag-explanations.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 2ae5aa34a4..a8d2a29659 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -120,3 +120,7 @@ The rule means trust anything signed by a certificate that chains to this root C | 19 | Microsoft ECC Devices Root CA 2017 | For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file. + +## NTSTATUS Values + +Represents values that are used to communicate system information. They are of four types: success values, information values, warning values, and error values. Click on the [NTSATUS](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55) link for information about common usage details. From 89ef49a2a467f46296f9a00b87e25e1582ca4814 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 22 Jun 2021 14:59:45 -0700 Subject: [PATCH 2/9] Updated the section name --- .../event-tag-explanations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index a8d2a29659..1d237cd396 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -121,6 +121,6 @@ The rule means trust anything signed by a certificate that chains to this root C For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file. -## NTSTATUS Values +## Status Values Represents values that are used to communicate system information. They are of four types: success values, information values, warning values, and error values. Click on the [NTSATUS](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55) link for information about common usage details. From 227442b0184fa827a9b27a987f3e19846275dea2 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Wed, 23 Jun 2021 14:58:51 -0700 Subject: [PATCH 3/9] Included suggested edits to Status values section --- .../event-tag-explanations.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 1d237cd396..d19f762683 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md 
@@ -121,6 +121,6 @@ The rule means trust anything signed by a certificate that chains to this root C For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file. -## Status Values +## Status values -Represents values that are used to communicate system information. They are of four types: success values, information values, warning values, and error values. Click on the [NTSATUS](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55) link for information about common usage details. +Represents values that are used to communicate system information. They are of four types: success values, information values, warning values, and error values. Click on the [NTSATUS](/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55) link for information about common usage details. From 1fcd7ee99724df028de45624a918fee8c48578ef Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 13 Jul 2021 10:55:15 -0700 Subject: [PATCH 4/9] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index dc1dd3eca7..2f10e7426d 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -17957,27 +17957,27 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-configuration-manager", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-group-policy-objects", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-intune", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-other-tools", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools", "redirect_document_id": false }, { 
@@ -18022,22 +18022,22 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-onboard", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-setup", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup", "redirect_document_id": false }, { 
@@ -18367,22 +18367,22 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-onboard", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-prepare", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-setup", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup", "redirect_document_id": false }, { From b8bbf43577e4f6dd818235c4db3c3350cba97b0e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 13 Jul 2021 12:03:19 -0700 Subject: [PATCH 5/9] updating check marks --- .../mdm/configuration-service-provider-reference.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index a780da0495..c22595460c 100644 
--- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1270,10 +1270,10 @@ Additional lists: cross mark - check mark - check mark - check mark - check mark + check mark + check mark + check mark + check mark check mark From e9582816ae06af226dd38472e52c4c45e602bf4c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 13 Jul 2021 12:34:00 -0700 Subject: [PATCH 6/9] updating UEFI too --- .../mdm/configuration-service-provider-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index c22595460c..cce8060fe3 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2156,7 +2156,7 @@ Additional lists: cross mark - check mark + check mark check mark4 check mark4 check mark4 From 7d71012f2c43aeac083218ec17953e311d4f8ad8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 13 Jul 2021 13:24:31 -0700 Subject: [PATCH 7/9] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 5f12576ef7..a05bd37d01 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md 
@@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 03/04/2020 +ms.date: 07/13/2021 ms.technology: mde --- @@ -121,7 +121,7 @@ To create the WDAC policy, they build a reference server on their standard hardw As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version. ## File rule precedence order -<<<<<<< HEAD + WDAC has a built-in file rule conflict logic that translates to precedence order. It will first processes all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). ## More information about filepath rules From eb90c7fec69f8f95879d5886da983516b58d029b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 13 Jul 2021 13:24:49 -0700 Subject: [PATCH 8/9] Update windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index a05bd37d01..0f5ed1558b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -122,7 +122,7 @@ As part of normal operations, they will eventually install software updates, or ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It will first processes all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). +WDAC has a built-in file rule conflict logic that translates to precedence order. It will first process all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). ## More information about filepath rules From 39a975e9dc090d4c264258237b627d227a7ffa5d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 13 Jul 2021 13:25:19 -0700 Subject: [PATCH 9/9] Update event-tag-explanations.md --- .../event-tag-explanations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index d19f762683..9eb35220b5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md 
@@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 8/27/2020 +ms.date: 07/13/2021 ms.technology: mde ---
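Review bot: In PATCH 3/9 (event-tag-explanations.md, @@ -121,6 +121,6), the rewritten paragraph under `## Status values` still spells the link text `[NTSATUS]`. The typo was introduced in PATCH 1/9, where it also appears in the commit subject, and no later commit in the series corrects it; change the link text to `[NTSTATUS]`. The same added line opens with "Represents values that are used to communicate system information", which has no subject. Now that 2/9 has renamed the heading away from NTSTATUS, name the thing being described at the start of the sentence, for example "NTSTATUS values are used to communicate system information."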
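Review bot: In PATCH 4/9, first hunk (@@ -17957,27), the five `redirect_url` values change from `manage-endpoint-post-migration*` back to `manage-atp-post-migration*` while staying under `/microsoft-365/security/defender-endpoint/`, and the commit message ("Update .openpublishing.redirection.json") gives no reason. Please confirm that the `-atp-` slugs are the ones that exist in the target docset and say so in the commit message; if they do not exist, all five redirects break.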
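Review bot: In PATCH 4/9, hunks @@ -18022,22 and @@ -18367,22, the McAfee and Symantec sources now share the same four targets, `switch-to-microsoft-defender-migration`, `-onboard`, `-prepare` and `-setup`. The Symantec entries previously pointed at `symantec-to-microsoft-defender-endpoint-*`, and the new slugs drop `-endpoint-`. Many-to-one redirects are fine, but please verify that these four exact slugs are the intended destinations for both sets, since the targets live in another docset and nothing in this patch shows that they exist.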
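Review bot: In PATCH 7/9, second hunk (@@ -121,7 +121,7), only the `<<<<<<< HEAD` line is removed and no `=======` or `>>>>>>>` marker is visible in the hunk. Check the rest of select-types-of-rules-to-create.md for the other half of the conflict before merging, so that a stray marker or a duplicated paragraph is not published. The context line right below still reads "It will first processes", which 8/9 fixes on its own; folding that fix into this commit would keep the history cleaner.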
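Review bot: In PATCH 8/9 (@@ -122,7 +122,7), the corrected paragraph still uses `Managed Installer EA` and `ISG` as link text without expanding either abbreviation, and "has a built-in file rule conflict logic" reads awkwardly. This sentence is where the evaluation order is defined (explicit deny, then explicit allow, then managed installer, then ISG), so spell out both terms on first use (the ISG link target already says intelligent-security-graph) and drop the article: "has built-in file rule conflict logic".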