Merge pull request #9018 from MaratMussabekov/patch-254

update licensing requirements
Denise Vangel-MSFT 2021-01-26 12:16:20 -08:00 committed by GitHub
commit f2c57f72fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 28 deletions


@ -45,13 +45,13 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network
## Requirements
Network protection requires Windows 10 Pro, Enterprise E3, E5, and Microsoft Defender AV real-time protection.
Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection.
Windows 10 version | Microsoft Defender Antivirus
-|-
Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled
| Windows 10 version | Microsoft Defender Antivirus |
|:---|:---|
| Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled |
After you have enabled the services, you may need to configure your network or firewall to allow the connections between the services and your endpoints.
After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your endpoints.
- .smartscreen.microsoft.com
- .smartscreen-prod.microsoft.com
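Review bot: The rewritten summary sentence under Requirements names only real-time protection, while the table row in the same hunk says both real-time protection and cloud-delivered protection must be enabled. Suggest naming both in the sentence, or dropping the antivirus clause from the sentence and letting the table carry it. The row also still reads "Microsoft Defender AV" where the new sentence and the table header use "Microsoft Defender Antivirus"; worth aligning while the row is being touched.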
@ -79,11 +79,11 @@ You can review the Windows event log to see events that are created when network
3. This will create a custom view that filters to only show the following events related to network protection:
Event ID | Description
-|-
5007 | Event when settings are changed
1125 | Event when network protection fires in audit mode
1126 | Event when network protection fires in block mode
| Event ID | Description |
|:---|:---|
| 5007 | Event when settings are changed |
| 1125 | Event when network protection fires in audit mode |
| 1126 | Event when network protection fires in block mode |
## Related articles


@ -11,7 +11,7 @@ ms.localizationpriority: medium
audience: ITPro
author: dansimp
ms.author: dansimp
ms.date: 03/27/2019
ms.date: 01/26/2021
ms.reviewer:
manager: dansimp
ms.technology: mde
@ -24,14 +24,13 @@ ms.technology: mde
**Applies to:**
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* IT administrators
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- IT administrators
When you use [Network protection](network-protection.md) you may encounter issues, such as:
* Network protection blocks a website that is safe (false positive)
* Network protection fails to block a suspicious or known malicious website (false negative)
- Network protection blocks a website that is safe (false positive)
- Network protection fails to block a suspicious or known malicious website (false negative)
There are four steps to troubleshooting these problems:
@ -45,11 +44,11 @@ There are four steps to troubleshooting these problems:
Network protection will only work on devices with the following conditions:
>[!div class="checklist"]
> * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update).
> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
> * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
> * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled.
> * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**).
> - Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher.
> - Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [See what happens when you are using a non-Microsoft antivirus solution](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
> - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
> - [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**).
## Use audit mode
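Review bot: The last checklist item is carried over with only its bullet changed, and it still tells the reader to set the rule to **Disabled** (value: **0**) as a condition for network protection working, whereas the audit mode section of this file refers to the blocking state as **Enabled**. If the intent is "not in audit mode", the item should point to **Enabled** rather than **Disabled**. Separately, the new link text on the second item ("See what happens when you are using a non-Microsoft antivirus solution") no longer says why a sole antivirus app is required; a short clause stating the consequence would keep the checklist self-explanatory.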
@ -61,9 +60,9 @@ You can enable network protection in audit mode and then visit a website that we
Set-MpPreference -EnableNetworkProtection AuditMode
```
1. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
1. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.
3. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.
If network protection is not blocking a connection that you are expecting it should block, enable the feature.
@ -75,6 +74,8 @@ You can enable network protection in audit mode and then visit a website that we
If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
See [Address false positives/negatives in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives).
## Exclude website from network protection scope
To allow the website that is being blocked (false positive), add its URL to the [list of trusted sites](https://blogs.msdn.microsoft.com/asiatech/2014/08/19/how-to-add-web-sites-to-trusted-sites-via-gpo-from-dc-installed-ie10-or-higher-ie-version/). Web resources from this list bypass the network protection check.
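Review bot: The added "See [Address false positives/negatives in Microsoft Defender for Endpoint]" line uses an absolute docs.microsoft.com URL, while the sentence directly above it links into the same folder with a relative path (`../microsoft-defender-atp/alerts-queue.md`). Suggest a relative link in the same style so the reference follows the repository layout like the other links in this file.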
@ -89,16 +90,17 @@ When you report a problem with network protection, you are asked to collect and
cd c:\program files\windows defender
```
1. Run this command to generate the diagnostic logs:
2. Run this command to generate the diagnostic logs:
```PowerShell
mpcmdrun -getfiles
```
1. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
## Related topics
* [Network protection](network-protection.md)
* [Evaluate network protection](evaluate-network-protection.md)
* [Enable network protection](enable-network-protection.md)
- [Network protection](network-protection.md)
- [Evaluate network protection](evaluate-network-protection.md)
- [Enable network protection](enable-network-protection.md)
- [Address false positives/negatives in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives)
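Review bot: The `mpcmdrun -getfiles` block in step 2 is fenced as PowerShell, but the command as written, like the unquoted `cd c:\program files\windows defender` before it, is Command Prompt syntax: PowerShell needs the path quoted and `.\mpcmdrun` to run a program from the current directory. Since the steps are being renumbered here, either retag the fence or adjust the commands. The new Related topics entry also repeats the absolute docs.microsoft.com link; a relative link would match the three entries above it.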