diff --git a/windows/client-management/mdm/images/block-untrusted-processes.png b/windows/client-management/mdm/images/block-untrusted-processes.png new file mode 100644 index 0000000000..c9d774457e Binary files /dev/null and b/windows/client-management/mdm/images/block-untrusted-processes.png differ diff --git a/windows/security/information-protection/bitlocker/images/kernel-dma-protection-security-center.png b/windows/security/information-protection/bitlocker/images/kernel-dma-protection-security-center.png new file mode 100644 index 0000000000..9f9aea0f86 Binary files /dev/null and b/windows/security/information-protection/bitlocker/images/kernel-dma-protection-security-center.png differ diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 3f71393153..50c63fd31c 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: aadake -ms.date: 10/03/2018 +ms.date: 12/08/2018 --- # Kernel DMA Protection for Thunderboltâ„¢ 3 @@ -65,11 +65,17 @@ Systems released prior to Windows 10 version 1803 do not support Kernel DMA Prot Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required. -**To check if a device supports Kernel DMA Protection** +### Using Security Center + +Beginning with Wndows 10 version 1809, you can use Security Center to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**. + +![Kernel DMA protection in Security Center](bitlocker/images/kernel-dma-protection-security-center.png) + +### Using System information 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar. 2. Check the value of **Kernel DMA Protection**. - ![Kernel DMA protection](bitlocker/images/kernel-dma-protection.png) + ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png) 3. If the current state of **Kernel DMA Protection** is OFF and **Virtualization Technology in Firmware** is NO: - Reboot into BIOS settings - Turn on Intel Virtualization Technology. diff --git a/windows/security/threat-protection/device-control/images/class-guids.png b/windows/security/threat-protection/device-control/images/class-guids.png new file mode 100644 index 0000000000..6951e4ed5a Binary files /dev/null and b/windows/security/threat-protection/device-control/images/class-guids.png differ diff --git a/windows/security/threat-protection/device-control/images/hardware-ids.png b/windows/security/threat-protection/device-control/images/hardware-ids.png new file mode 100644 index 0000000000..9017f289f6 Binary files /dev/null and b/windows/security/threat-protection/device-control/images/hardware-ids.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md index da80f7bb7e..c7cfc039ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md @@ -50,7 +50,6 @@ detectionSource | string | Detection source. threatFamilyName | string | Threat family. title | string | Alert title. description | String | Description of the threat, identified by the alert. -recommendedAction | String | Action recommended for handling the suspected threat. alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created. lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine. firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine. @@ -74,7 +73,6 @@ machineId | String | ID of a [machine](machine-windows-defender-advanced-threat- "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", "description": "Some description" - "recommendedAction": "Some recommended action" "alertCreationTime": "2018-11-26T16:19:21.8409809Z", "firstEventTime": "2018-11-26T16:17:50.0948658Z", "lastEventTime": "2018-11-26T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md index 88f5545da4..b207613837 100644 --- a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md @@ -84,8 +84,8 @@ Content-Length: application/json "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "severity": "Low", "title": "test alert", - "description": "redalert", - "recommendedAction": "white alert", + "description": "test alert", + "recommendedAction": "test alert", "eventTime": "2018-08-03T16:45:21.7115183Z", "reportId": "20776", "category": "None" diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index 37c5a9f1d7..2c87e56309 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -100,8 +100,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-26T16:19:21.8409809Z", "firstEventTime": "2018-11-26T16:17:50.0948658Z", "lastEventTime": "2018-11-26T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md index 88cda0c956..5c9436aefc 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md @@ -87,8 +87,7 @@ Here is an example of the response. "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md index 7cf854cf6f..9b0c1f4123 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md @@ -100,8 +100,7 @@ Here is an example of the response. "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-26T16:19:21.8409809Z", "firstEventTime": "2018-11-26T16:17:50.0948658Z", "lastEventTime": "2018-11-26T16:18:01.809871Z", @@ -121,8 +120,7 @@ Here is an example of the response. "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md index 39c7ea3379..639c228caf 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -96,8 +96,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", @@ -117,8 +116,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-24T16:19:21.8409809Z", "firstEventTime": "2018-11-24T16:17:50.0948658Z", "lastEventTime": "2018-11-24T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md index b8db356dde..7f309c2d4b 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -94,8 +94,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-26T16:19:21.8409809Z", "firstEventTime": "2018-11-26T16:17:50.0948658Z", "lastEventTime": "2018-11-26T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md index 601886b8ec..369f38ef43 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -93,8 +93,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md index 191f30cfc2..22e929fc9c 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -93,8 +93,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md index 139d24daf4..f78eff0109 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -93,8 +93,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-25T16:19:21.8409809Z", "firstEventTime": "2018-11-25T16:17:50.0948658Z", "lastEventTime": "2018-11-25T16:18:01.809871Z", @@ -114,8 +113,7 @@ Content-type: application/json "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-24T16:19:21.8409809Z", "firstEventTime": "2018-11-24T16:17:50.0948658Z", "lastEventTime": "2018-11-24T16:18:01.809871Z", diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md index 6c225819b2..580d9cd88b 100644 --- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md @@ -40,7 +40,7 @@ id | Guid | Identity of the [Machine Action](machineaction-windows-defender-adva type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution" requestor | String | Identity of the person that executed the action. requestorComment | String | Comment that was written when issuing the action. -status | Enum | Current status of the command. Possible values are: "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled". +status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled". machineId | String | Id of the machine on which the action was executed. creationDateTimeUtc | DateTimeOffset | The date and time when the action was created. lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated. diff --git a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md index 4e69de458e..cfc99280d3 100644 --- a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md @@ -98,8 +98,7 @@ Here is an example of the response. "detectionSource": "WindowsDefenderAv", "threatFamilyName": "Mikatz", "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description" - "recommendedAction": "Some recommended action" + "description": "Some description", "alertCreationTime": "2018-11-26T16:19:21.8409809Z", "firstEventTime": "2018-11-26T16:17:50.0948658Z", "lastEventTime": "2018-11-26T16:18:01.809871Z",