diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index a69de08f66..eee75f9b25 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,7 @@ sections: text: " + diff --git a/windows/security/threat-protection/images/TVM_icon.png b/windows/security/threat-protection/images/TVM_icon.png index 41faa16718..63f8c75929 100644 Binary files a/windows/security/threat-protection/images/TVM_icon.png and b/windows/security/threat-protection/images/TVM_icon.png differ diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 3370a2a7c6..9bd0cfef19 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -60,7 +60,7 @@ Business Security Test consists of three main parts: the Real-World Protection T - Business Security Test 2018 (March - June): [Real-World Protection Rate 98.7%](https://www.av-comparatives.org/tests/business-security-test-2018-march-june/) -### SE Labs: Total accuracy rating of AAA in the latest test +### SE Labs: AAA award in the latest test SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracy.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracy.png index 4b8c3a7569..2e93ccc77b 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracy.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracy.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyflyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyflyout.png new file mode 100644 index 0000000000..8b99ca489e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyflyout.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyoptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyoptions.png new file mode 100644 index 0000000000..66abe22f08 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_report_inaccuracyoptions.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index f362f6b831..2b21b47050 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -56,11 +56,25 @@ From that page, you can do any of the following depending on what you need to do ## Report inaccuracy -You can report on a false positive when you see any vague, inaccurate, incomplete, or already remediated information in the machine page, under **Security recommendation** column. +You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated information in the machine page, under **Security recommendation** column. + +1. Click **:** then select **Report inaccuracy**. A flyout pane opens. +![Screenshot of Report inaccuracy control from the machine page under the Security recommendation column](images/tvm_report_inaccuracy.png) +![Screenshot of Report inaccuracy flyout pane](images/tvm_report_inaccuracyflyout.png) + +2. From the flyout pane, select the inaccuracy category from the drop-down menu. +![Screenshot of Report inaccuracy categories drop-down menu](images/tvm_report_inaccuracyoptions.png) + +3. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported. + +4. Include your machine name for investigation context. + +>[!NOTE] +> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context. + +5. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context. -Click **:** then select the inaccuracy category from the dropdown menu. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context. -![Report inaccuracy from the machine page within the Security recommendation column](images/tvm_report_inaccuracy.png) ## Related topics diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 856b617100..8d22a596c8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -35,6 +35,9 @@ This topic describes the structure of this profile (including a recommended prof The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. +>[!CAUTION] +>The layout of the configuration profile depends on the management console that you are using. The following sections contain examples of configuration profiles for JAMF and Intune. + The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections. ### Antivirus engine preferences @@ -222,6 +225,8 @@ The following configuration profile will: - Enable cloud delivered protection - Enable automatic sample submission +### JAMF profile + ```XML @@ -258,10 +263,91 @@ The following configuration profile will: ``` +### Intune profile + +```XML + + + + + PayloadUUID + C4E6A782-0C8D-44AB-A025-EB893987A295 + PayloadType + Configuration + PayloadOrganization + Microsoft + PayloadIdentifier + com.microsoft.wdav + PayloadDisplayName + Microsoft Defender ATP settings + PayloadDescription + Microsoft Defender ATP configuration settings + PayloadVersion + 1 + PayloadEnabled + + PayloadRemovalDisallowed + + PayloadScope + System + PayloadContent + + + PayloadUUID + 99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295 + PayloadType + com.microsoft.wdav + PayloadOrganization + Microsoft + PayloadIdentifier + com.microsoft.wdav + PayloadDisplayName + Microsoft Defender ATP configuration settings + PayloadDescription + + PayloadVersion + 1 + PayloadEnabled + + antivirusEngine + + enableRealTimeProtection + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + key + archive_bomb + value + audit + + + + cloudService + + enabled + + automaticSampleSubmission + + + + + + +``` + ## Full configuration profile example The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over the product. +### JAMF profile + ```XML @@ -329,6 +415,116 @@ The following configuration profile contains entries for all settings described ``` +### Intune profile + +```XML + + + + + PayloadUUID + C4E6A782-0C8D-44AB-A025-EB893987A295 + PayloadType + Configuration + PayloadOrganization + Microsoft + PayloadIdentifier + C4E6A782-0C8D-44AB-A025-EB893987A295 + PayloadDisplayName + Microsoft Defender ATP settings + PayloadDescription + Microsoft Defender ATP configuration settings + PayloadVersion + 1 + PayloadEnabled + + PayloadRemovalDisallowed + + PayloadScope + System + PayloadContent + + + PayloadUUID + 99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295 + PayloadType + com.microsoft.wdav + PayloadOrganization + Microsoft + PayloadIdentifier + 99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295 + PayloadDisplayName + Microsoft Defender ATP configuration settings + PayloadDescription + + PayloadVersion + 1 + PayloadEnabled + + antivirusEngine + + enableRealTimeProtection + + exclusions + + + $type + excludedPath + isDirectory + + path + /var/log/system.log + + + $type + excludedPath + isDirectory + + path + /home + + + $type + excludedFileExtension + extension + pdf + + + allowedThreats + + eicar + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + key + archive_bomb + value + audit + + + + cloudService + + enabled + + diagnosticLevel + optional + automaticSampleSubmission + + + + + + +``` + ## Configuration profile deployment Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune.
MessageDate
Feature update install notification on Windows 10, version 1809 (the October 2018 Update)
We've had reports on August 29th that some customers running Windows 10, version 1809 (the October 2018 Update) have received notification to install the latest feature update (version 1903) early. Updating remains in your control. To install the update, you must select one of the following options: \"Pick a Time\", \"Restart Tonight,\" or \"Restart Now\". If you are not ready to update at this time, simply dismiss the notification by clicking the arrow in the top right corner. If you have updated to Windows 10, version 1903 and would like to go back to your previous version, see the instructions here.
August 29, 2019
04:39 PM PT
Take Action: Internet Explorer 11 now available on Windows Update/WSUS for Windows Server 2012 and Windows Embedded 8 Standard
Internet Explorer 11 (KB 4492872) is now available via Windows Update (WU) and Windows Server Update Services (WSUS) for commercial customers running Windows Server 2012 and Windows Embedded 8 Standard. For details about these changes and end of support for IE10, please refer to the IT Pro blog
August 29, 2019
08:00 AM PT
Take action: SHA-2 code signing support guidance for Windows 7 SP1 and Windows Server 2008 RS2 SP1
Windows 7 SP1 and Windows Server 2008 R2 SP1 update signatures are now SHA-2 based signatures and requires that SHA-2 support to be installed. For important customer guidance on installation and troubleshooting tips, please read the knowledge base article 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
August 23, 2019
03:35 PM PT
Take action: Windows 10, version 1703 (the Windows 10 Creators Update) reaches end of life on October 9, 2019
The Enterprise and Education editions of Windows 10, version 1703 (the Windows 10 Creators Update) will reach end of life on October 9, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions reached end of service on October 8, 2018.

There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats.

To continue receiving security and quality updates, Microsoft recommends that you update your devices to the latest version of Windows 10. For more information on end of service dates and currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
August 23, 2019
02:17 PM PT