diff --git a/windows/keep-secure/windows-defender-block-at-first-sight.md b/windows/keep-secure/windows-defender-block-at-first-sight.md index de89c2fde6..8abf7c0806 100644 --- a/windows/keep-secure/windows-defender-block-at-first-sight.md +++ b/windows/keep-secure/windows-defender-block-at-first-sight.md @@ -12,41 +12,40 @@ localizationpriority: medium author: iaanw --- -# Enable the Block at First Sight feature in Windows 10 +# Block at First Sight **Applies to** - Windows 10, version 1607 +**Audience** + +- Network administrators + Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds. -You can enable Block at First Sight with Group Policy or individually on endpoints. +It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. -## Backend processing and near-instant determinations +## How it works -When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. +When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -If the cloud backend is unable to make a determination, a copy of the file is requested for additional processing and analysis in the cloud. +If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file. -If the Block at First Sight feature is enabled on the client, the file will be locked by Windows Defender while a copy is uploaded to the cloud, processed, and a verdict returned to the client. Only after a determination is returned from the cloud will Windows Defender release the lock and let the file run. - -The file-based determination typically takes 1 to 4 seconds. +In many cases this process can reduce the response time to new malware from hours to seconds. > [!NOTE] > Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files. -## Enable Block at First Sight +## Confirm Block at First Sight is enabled -### Use Group Policy to configure Block at First Sight +Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender deployments in enterprise networks. -You can use Group Policy to control whether Windows Defender will continue to lock a suspicious file until it is uploaded to the backend. +> [!IMPORTANT] +> There is no specific individual setting in System Center Configuration Manager to enable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. -This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device. - -Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. - -**Configure pre-requisite cloud protection Group Policy settings:** +### Confirm Block at First Sight is enabled with Group Policy 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -56,28 +55,56 @@ Block at First Sight requires a number of Group Policy settings to be configured 5. Expand the tree to **Windows components > Windows Defender > MAPS** and configure the following Group Policies: - 1. Double-click the **Join Microsoft MAPS** setting and set the option to **Enabled**. Click **OK**. + 1. Double-click the **Join Microsoft MAPS** setting and ensure the option is set to **Enabled**. Click **OK**. - 1. Double-click the **Send file samples when further analysis is required** setting and set the option as **Enabled** and the additional options as either of the following: + 1. Double-click the **Send file samples when further analysis is required** setting and ensure the option is set to **Enabled** and the additional options are either of the following: 1. Send safe samples (1) 1. Send all samples (3) - > [!NOTE] + > [!WARNING] > Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature will not function. - 1. Click OK after both Group Policies have been set. + 1. Click **OK**. 1. In the **Group Policy Management Editor**, expand the tree to **Windows components > Windows Defender > Real-time Protection**: - 1. Double-click the **Scan all downloaded files and attachments** setting and set the option to **Enabled**. Click **OK**. + 1. Double-click the **Scan all downloaded files and attachments** setting and ensure the option is set to **Enabled**. Click **OK**. - 1. Double-click the **Turn off real-time protection** setting and set the option to **Disabled**. Click **OK**. + 1. Double-click the **Turn off real-time protection** setting and ensure the option is set to **Disabled**. Click **OK**. + +If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered. +### Confirm Block at First Sight is enabled with Windows Settings -**Enable Block at First Sight with Group Policy** +> [!NOTE] +> If the pre-requisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. + +You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as **Cloud-based protection** and **Automatic sample submission** are both turned on. + +**Confirm Block at First Sight is enabled on individual clients** + +1. Open Windows Defender settings: + + a. Open the Windows Defender app and click **Settings**. + + b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**. + +2. Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**. + +## Disable Block at First Sight + +> [!WARNING] +> Disabling the Block at First Sight feature will lower the protection state of the endpoint and your network. + +> [!NOTE] +> You cannot disable Block at First Sight with System Center Configuration Manager + +You may choose to disable the Block at First Sight feature if you want to retain the pre-requisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network. + +**Disable Block at First Sight with Group Policy** 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -87,28 +114,14 @@ Block at First Sight requires a number of Group Policy settings to be configured 5. Expand the tree through **Windows components > Windows Defender > MAPS**. -1. Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Enabled**. +1. Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Disabled**. > [!NOTE] - > The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set. + > Disabling the Block at First Sight feature will not disable or alter the pre-requisite group policies. -### Manually enable Block at First Sight on individual clients - -To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on. - -**Enable Block at First Sight on individual clients** - -1. Open Windows Defender settings: - - a. Open the Windows Defender app and click **Settings**. - - b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**. - -2. Switch **Cloud-based Protection** and **Automatic sample submission** to **On**. - -> [!NOTE] -> These settings will be overridden if the network administrator has configured their associated Group Policies. The settings will appear grayed out and you will not be able to modify them if they are being managed by Group Policy. ## Related topics - [Windows Defender in Windows 10](windows-defender-in-windows-10.md) + + diff --git a/windows/keep-secure/windows-defender-enhanced-notifications.md b/windows/keep-secure/windows-defender-enhanced-notifications.md index c3f51393f2..e70fede4fd 100644 --- a/windows/keep-secure/windows-defender-enhanced-notifications.md +++ b/windows/keep-secure/windows-defender-enhanced-notifications.md @@ -22,9 +22,9 @@ In Windows 10, application notifications about malware detection and remediation Notifications will appear on endpoints when manually triggered and scheduled scans are completed and threats are detected. These notifications will also be seen in the **Notification Center**, and a summary of scans and threat detections will also appear at regular time intervals. -You can enable and disable enhanced notifications with the registry or in Windows Settings. +You can enable and disable enhanced notifications in Windows Settings. -## Configure enhanced notifications +## Disable notifications You can disable enhanced notifications on individual endpoints in Windows Settings. @@ -39,6 +39,8 @@ You can disable enhanced notifications on individual endpoints in Windows Settin ![Windows Defender enhanced notifications](images/defender/enhanced-notifications.png) + + ## Related topics -- [Windows Defender in Windows 10](windows-defender-in-windows-10.md) \ No newline at end of file +- [Windows Defender in Windows 10](windows-defender-in-windows-10.md) diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index c3bf487cef..8e17a52ca5 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md @@ -42,7 +42,6 @@ ##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md) #### [Evaluating App-V](appv-evaluating-appv.md) #### [High Level Architecture for App-V](appv-high-level-architecture.md) -#### [Accessibility for App-V](appv-accessibility.md) ### [Planning for App-V](appv-planning-for-appv.md) #### [Preparing Your Environment for App-V](appv-preparing-your-environment.md) ##### [App-V Prerequisites](appv-prerequisites.md) diff --git a/windows/manage/appv-accessibility.md b/windows/manage/appv-accessibility.md index a1e31ed48a..34a3ab0a09 100644 --- a/windows/manage/appv-accessibility.md +++ b/windows/manage/appv-accessibility.md @@ -1,170 +1,4 @@ --- title: Accessibility for App-V (Windows 10) -description: Accessibility for App-V -author: MaggiePucciEvans -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 +redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-getting-started --- - - -# Accessibility for App-V - -Applies to: Windows 10, version 1607 - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Keyboard Shortcuts for the App-V Management Server - - -Following are the keyboard Shortcuts for the App-V Management Server: - - ---- - - - - - - - - - - - - - - - - - - - - -
To do thisPress

Close a dialog box.

Esc

Perform the default action of a dialog box.

Enter

Refresh the current page of the App-V client console.

F5

- -  - -## Keyboard Shortcuts for the App-V Sequencer - - -Following are the keyboard shortcuts for the Virtual Registry tab in the package editor in the App-V Sequencer: - - ---- - - - - - - - - - - - - - - - - -
To do thisPress

Open the Find dialog box.

CTRL + F

Open the Replace dialog box.

CTRL + H

- -  - -### Access Any Command with a Few Keystrokes - -**Important**   -The information in this section only applies to the App-V sequencer. For specific information about the App-V server, see the Keyboard Shortcuts for the App-V Management Server section of this document. - -  - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - An underline appears beneath the keyboard shortcut for each feature that is available in the current view. - -2. Press the letter underlined in the keyboard shortcut for the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - -  - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- -  - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with App-V](appv-getting-started.md) - -  - -  - - - - - diff --git a/windows/manage/appv-enable-the-app-v-desktop-client.md b/windows/manage/appv-enable-the-app-v-desktop-client.md index 72e2ed9189..bcc5a9ed3b 100644 --- a/windows/manage/appv-enable-the-app-v-desktop-client.md +++ b/windows/manage/appv-enable-the-app-v-desktop-client.md @@ -34,9 +34,18 @@ With Windows 10, version 1607, the App-V client is installed automatically. You 3. Restart the device. -4. To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER. +4. To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER. -See [Using the client management console](appv-using-the-client-management-console.md) for information about configuring the App-V client. + +For information about configuring the App-V client, see: + +- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) + +- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md) + +- [Using the client management console](appv-using-the-client-management-console.md) + +- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server) ## Have a suggestion for App-V?