deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 10937: merge

Browse Source
This commit is contained in:
Joey Caparas
2018-08-27 21:38:35 +00:00
parent 949cc2f81f 775e82caaa
commit f6de1c3e6b
5 changed files with 1467 additions and 1203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
View File

@ -108,7 +108,7 @@ Wecutil ss “testSubscription” /cf:Events
### How frequently are WEF events delivered?
Event delivery options are part of the WEF subscription configuration parameters There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Ciewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector.
Event delivery options are part of the WEF subscription configuration parameters There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Viewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector.
This table outlines the built-in delivery options:

7
windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
View File

@ -6,8 +6,9 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 09/21/2017
author: andreabichsel
msauthor: v-anbic
ms.date: 08/27/2018
---
# Working with AppLocker rules
@ -60,6 +61,8 @@ The AppLocker console is organized into rule collections, which are executable f
When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used.
The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections).
EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file.
 
## Rule conditions