Windows 10 security

51 Conversations

Problem:

If Forticlient 5.6 is installed and configured to have real time scanning disabled, in Windows 1709 defender forces its own real time scan to be disabled.

 

The problem is the Forticlient is used for firewall policy enforcement so we really want

... Read More
10 Views
0 Reply

Question around the Windows Defender Security Center in Enterprise (1703)

 

We have Symantec Endpoint Protection (14 MP1) in our environment, and after upgrading to 1703 it seems the Security Center is starting and enabled (appears in system tray). I create

... Read More
5,316 Views
15 Replies

Hi,

 

A few answers :-)

Let's start with - we do NOT support any manual changes to the registry, so those changes are not documented and not supported. 

 

The GPO setting

... Read More
Best Response confirmed by Dan Van Drunen (Occasional Contributor)

We are in the exact scenario. I'm anxious to hear the answer!

Hello,

I got from my company a new PC where we joined the Azure AD. My organisation set a PIN and the fingerprint but do not use the password.

 

Now I want to connect to this PC using remote desktop. How can I set to use the PIN for that instead of the pa

... Read More
61 Views
0 Reply

I've started evaluating some of the new security features in Windows 10, 1709 such as Network Protection and Attack Surface Reduction.  Anytime one of the NP or ASR rules is triggered I get the toast notification window above the system tray as expected,

... Read More
150 Views
1 Reply

We've started to evaluate this as well and we are also seeing the 'COM surrogate' issue.

 

Sorry... I don't have a solution yet, but I'm still looking into it. I will let

... Read More

I've been away for 9 days but left my laptop on. Upon return home, it would no longer access my router wifi. I've rebooted the router and laptop more times than I can recall. I've logged on to the router and everything looks correct, all the passwords are

... Read More
42 Views
1 Reply

Hi, I have exactly the same problem? Could you solve it?

I am new to these forums so apologies if this is the wrong place. A few days ago I started getting the attached window keep popping up. Doesn't matter how many times I click apply, OK - it keeps coming back. Any suggestions ?
31 Views
1 Reply

Hello David,

 

Data Execution Prevention (DEP) events are usually caused by a corrupted or incompatible add-on. Try using Internet Explorer (No add-ons) to see if you can i

... Read More

feature request:  Windows Defender Antivirus -  add "scan running processes" scan for dead/multiple or dangerous processes or clean memory... most virus scanners only check files on drive, not running processes within memory..  and maybe add a rule to blo

... Read More
54 Views
0 Reply

Find out about the security improvements coming in the Windows 10 Fall Creators Update - native Enhanced Mitigation Experience Toolkit (EMET) protections, Windows Defender Application Guard, Device Guard integrated into Windows Defender ATP response capab

... Read More
341 Views
2 Replies

Yeah I was super excited too about this update and native "EMET" Win 10 is going to have. In order to really use for example Windows Defender Exploit Guard you need to hav

... Read More
We are super excited!

Hello

 

When I used Windows 8.1 I started using the BitLocker service on one of my drives.

But last week I upgraded to Windows 10. Then I tried to disable the BitLocker service, and when it was 83% done my computer suddenly shut down :(

Now, it's not showing the BitLocker ic

... Read More
96 Views
1 Reply

Since this is technical issue, it is better to ask it in Microsoft Answers forum:

https://answers.microsoft.com/en-us/windows/forum

If your PC was part of domain, then you

... Read More

Hello to all Security experts!

 

This is not a secret that for ages all big companies and organizations were using all kind of 3rd party tools to protect Windows XP and Windows 7: McAfee, TrendMicro, Symantec, Kaspersky, FireEye, Cylance etc. This is becaus

... Read More
171 Views
1 Reply

Microsoft is not new to the consumer security market. It first started with Windows Live OneCare, which was a commercial product and a good one with good protection service. Then

... Read More

Hi,

 

We are running an environment with remote users mostly with Windows 8.1 devices, but in the near future we will roll out Windows 10.
We have an EMS license, so are allowed to use Intune. At this moment we run Bitdefender AV on all laptops. But we are looking

... Read More
239 Views
3 Replies

Finally this option is now available from the Azure portal

Read More
Hi
Product updates are delivered as part of Windows Update, so that should be handled.

In the Intune portal you can force signature updates, and AV Scans by doing a right c... Read More
I’m contacting you regarding an issue that occurred this morning after updating to the latest windows 10 preview. My laptop is not booting from BitLocker. Each time I type in the password it says that there are no more BitLocker recovery options on your P... Read More
144 Views
0 Reply

Security operators, IT administrators, CISOs, CSOs, and other IT/security professionals who work daily with enterprise-level security solutions:

 

Future planning efforts are underway for Windows Defender and, as part of that, the Microsoft OSG Enterprise

... Read More
149 Views
0 Reply

I have used Windows software for years.  I have always purchased software to protect my Windows systems.  I would really like to see Microsoft step up the protection for a home/portable PC, to meet the environment that a home/portable PC lives in.  Plainl

... Read More
533 Views
10 Replies
There's a little app for windows firewall that handles the configurations for you. It turns off the Allow by default behavior and lets you do it on an app-by-app, port-by... Read More

Hello, Jack.

Erm... I am sorry, but what you are dreaming is far inferior to what we already have.

 

You are dreaming about an allow-by-default firewall. Windows already com

... Read More

Dear Microsoft Security team,

 

In addition to the first Emet question, I was wondering if Emet will be part of all Windows 10 editions (e.g. Enterprise, Home, Pro, etc.)?

In case of yes, in which editions is Emet enabled by default?

 

Thanks,

Daniel

 

Read More
188 Views
1 Reply
We recently published a blog detailing the evolution of EMET (and much more) into Windows Defender Exploit Guard: https://blogs.windows.com/business/2017/06/27/announcing-end-end-security-features-windows-10/ Read More

Windows Defender Antivirus (Windows Defender AV) is an antimalware solution built into Windows 10. The Microsoft Malware Protection Center recently published a blog post that summarizes how the Windows Defender Antivirus cloud protection service can help stop malware in real time

... Read More
261 Views
4 Replies

I've been a fan of Windows AV (and Security Essentials before that) for a long time, so much so that I've almost never had to use add-on products or third-party AV. Recent

... Read More

There is a new landing page for Windows Hello for Business technical documentation--https://aka.ms/whfbdocs--and some new guidance as well, including:

 

  • Minimum prerequisites for each deployment scenario
  • A planning guide
  • On-premises certificate trust dep
... Read More
101 Views
0 Reply

Wondering how to prevent or contain sophisticated cyberattacks across your email and endpoints?

 

Check out this demo from Microsoft Mechanics, which explains how Windows Defender Advanced Threat Protection (Windows Defender ATP) and Office 365 ATP work t

... Read More
155 Views
0 Reply

If you're interested in learning how Windows 10 protects you from modern malware--and bootkits specifically--check out the new article, Secure the Windows 10 boot process, which covers:

 

  • Secure Boot
  • Trusted Boot
  • Early Launch Anti-Malware (ELAM)
  • Measured
... Read More
234 Views
0 Reply

Error is "Windows cannot acccess (\\machine\share)" "You do not have permission..."

 

I have turned off the firewalls on both. I have shared the folder and set permissions to full / everyone.

 

for the life of me, I can not figure this out. Any ideas?

 

Both ar

... Read More
119 Views
0 Reply

It's 9:00 a.m. and our Windows 10 security AMA has come to a close. Thanks to all who joined us today! We will put together a summary of what was covered during the AMA and share it here.

 

We hope you will continue to ask questions, share tips with each othe

... Read More
229 Views
3 Replies

I wasn't able to attend.  Was this recorded?

Thank you! Consider perhaps a quarterly event like this across all suites please (Deployments, Office, etc.)

Great session! Thx a lot!

Hello Microsoft Security, thanks a lot for opening this board.

 

Microsoft brought many nice security features in Windows 10 (Credential Guard, Device Guard, etc.).

 

I tried to look at the documentation but could not find it. Will those features be e

... Read More
166 Views
0 Reply

We've already taken the easy step of removing local administrator rights for our users on their desktops and laptops.   But we're wondering what to do with our IT staff who often need administrator rights on servers, desktops, and laptops.

 

We've tried giv

... Read More
150 Views
0 Reply

My organisation is struggling with figuring out the best way to manage Bluetooth. We want to enable it as it provides such a productivity benefit for our customers, but our security team is not having it.

 

What is the best way to GRANULARLY manage Bluetoot

... Read More
208 Views
5 Replies

Hi there, thanks for your question!

 

I've done some digging, looks like SCCM only lets you block or allow all bluetooth connections today. Intune also has additional gra

... Read More

Hi,

 

given the finite monetary resource of a company plus maybe some political issues here and there. Is there an advisory paper or something along these lines that describes how to get a company as secure as possible without buying into Azure AD, ATA and

... Read More
322 Views
8 Replies
It depends on how you want to manage your company, you could have Windows Server and connect all your devices to your local Active Directory instead of AzureAD, Windows ... Read More

Hi Christian, are you a small to medium size business?

 

-Chris

Is there a timescale for the safelinks logic to be modified so that it also catches links that are not wrapped in http or https? I.e. http://www.website.com is protected, but www.website.com is not, but it remains clickable as Outlook sees it as a link.

Read More
217 Views
2 Replies

Here is the answer from the team that owns Safe Links:

 

The Safe Links team is planning to integrate with Microsoft Outlook email clients. With this integration, for ten

... Read More

Hi Pete, We've reached out to our team that owns SafeLinks and asked them to reply to your question. 

As I understand it, an SSD is built with wear leveling and the actual space is double of the advertised available space to the OS. If an SSD has been in use for an unknown period of time and is later Bitlocked, does all of the drive become protected, even

... Read More
256 Views
6 Replies

It would appear that you have a choice:

 

  • Encrypt used disk space only
  • Encrypt entire drive (slower) - for drives already in use


 

Read More
There is still no support for smartcard or tokens for unlocking Bitlocker protected system volumes before booting (PreBootAuthentication). Only pin and USB key as well as TPM is supported. Any plans to extend these possibilities? Timeline?
192 Views
4 Replies

I think HP has done something here so that you can use your fingerprint for it.

With EMET hopefully getting baked into RS3 what options to configure it do we get?

130 Views
0 Reply

How will Credential Guard and Device Guard help Windows 10 users in terms of security.

193 Views
2 Replies
Probably best to take a look at the documentation! For DG: https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide

Super high-... Read More

Credential Guard and Virtualization-based security can protect authentication secrets. More information can be found at https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard

Read More

We will spend this hour discussing Windows 10 security technologies, best practices, tips, and tricks with the Windows product and engineering teams.

 

To submit a question, click "Start a new conversation" in the Windows 10 security space--and do this fo

... Read More
733 Views
17 Replies

Thanks @Heather Poulsen for setting this up. And thanks to the smart folks at MS for taking the time out of your busy days to answer some of my questions. @Dune Desormeaux

... Read More
Thanks for hosting this folks, it's very welcome given recent events!

Hi! I'm Mike Stephens, Senior Program Manager in Windows client OS Security focusing on Windows Hello for Business, PKI, and Cryptography. Welcome to the Microsoft Tech C

... Read More
This is Scott from the OS Security team, working on Device Guard, Secure Boot, Windows 10 S etc.

Hi all!

 

I'm Amitai, a product manager on the Windows Defender team. I'm excited to answer your questions here. Follow me on Twitter later for other Windows Security inf

... Read More

Hi, will we see a login option where you will both Windows Hello and a PIN or Password for login?

 

376 Views
9 Replies

Yes, once you deploy Windows Hello for Business, the user will see additional login credential providers such as PIN, fingerprint, and/or Facial recognition depending on t

... Read More

*use

When I run the PowerShell script and review the log, DeviceGuardCheckLog.txt, I see that it says "Incompatible HVCI Kernal Driver Modules Found" as well as "HSTI is absent". But it still allows me to enable Device Guard and Credential Guard. Is this a mis

... Read More
197 Views
1 Reply

The Readiness Tool is looking for both Device Guard and Credential Guard compatibility. These two warnings are related to Device Guard, so nothing related to Credential G

... Read More
Best Response confirmed by Michael inWilson (Occasional Contributor)

Considering the lockdown nature of Win 10S, are there any existing discussions about the threat landscape of a Win10S machine?  For instance, phishing is unchanged.  Edge/IE vulnerabilities?  How about browser extension vulnerabilities, would they have fu

... Read More
148 Views
2 Replies

 

What you're basically looking for is a white paper and at this time we don't have one to satisfy the breadth of your questions. I'll take this as feedback and hopefully we

... Read More

Windows 10 S in addition to only running software from the Store does block certain inbox things like PowerShell and have some enhancements to prevent certain dangerous fi

... Read More

Do you plan any kind of Multi-Factor Authentication for the Active Directory (without an Azure subscription)?

What about Active Directory - "Hello" integration ?

158 Views
1 Reply

Azure makes an on-prem server that can be used for on-prem MFA.  This server does not require an Azure subscription, but it does require an Azure account and gives ala ca

... Read More

What guidance do you have relating to reporting cadence from client to WDATP portal with respect to battery life/impact? We have found that with some solutions there is a significant impact on battery life as you increase the reporting cadence. It would b

... Read More
116 Views
1 Reply

Most endpoints send around 2MB per day - max is 5MB. Traffic is distributed to be sent as close as possible to time of recording, depending on state of the endpoint and th

... Read More

Some companies, including very large enterprises who elected to run Windows 7 Pro, will not be able to make a business value case to invest in Windows 10 Enterprise with SA or a per-user model.

 

What risks or functional limits would an enterprise have to a

... Read More
155 Views
2 Replies

In Pro you are missing all the fancy new features, all the Guards e.g. Credential Guard that is a simple to implement line of defence against Pass-the-Hash attacks. We de

... Read More

With Windows 7 the value proposition for Enterprise was challenging. If you didn't love most of the features the math didn't work. With Windows 10 one of our goals was to

... Read More

I am using the DG_Readiness PowerShell script to enable Credential Guard. The results say it is enabled and running with "Audit Mode" in parenthesis. What does this mean?

270 Views
5 Replies
That probably refers to another part of Device Guard rather than Credential Guard. Credential Guard does not support an audit mode.

Let's say a company wanted to make full use of defender and get rid of its anti virus software.

 

Do you advise against getting rid of antivirus in favor of defender? Is there a trial on the horizon, because Antivirus companies feel you are stealing their b

... Read More
796 Views
8 Replies

There are several methods of managing Windows Defender in the enterprise, depending on the technologies you have currently and what you plan to invest in.

 

This 4 minute a

... Read More
Hey Christian, there are a few options for management, including SCCM & Intune - see here for some more info https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus Read More

Is Bitlocker supported on virtual servers? We would like to implement virtual domain controllers and understand that Bitlocker cannot be used on Server 2012 R2 virtual machines. Is it supported on Server 2016 virtual machines?

364 Views
4 Replies

Yes, however there is a challenge which is that MBAM doesn't support servers yet. Without MBAM you can still use BitLocker but it won't be as manageable as some customers

... Read More
Best Response confirmed by Michael Brunker (Occasional Contributor)

Do you have any information regarding the Hexadite acquisition? When something is launched or is the technology merged to some MS service/product or do you have any relevant info for MS partner organization?

138 Views
3 Replies

Hi Jesse,

 

We are strengthening our ATP offering by adding artificial intelligence-based automatic investigation and remediation capabilities, making response and remedi

... Read More

Hi,

when will we see this option and are there any plans to allow other authenticator apps as well?

 

250 Views
6 Replies

The preferred sign-in method for the future is Windows Hello for Business, which is two factors of authentication. This is functionally equivalent to password and

... Read More

Shall this space only be used for the AMAs or beyond that?

 

I.E. are they complementary to the already existing blogs, technet and such?

 

Are they a place to ask very specific questions down to registry values for certain purposes, etc.?

Read More
163 Views
5 Replies

This space is open to ongoing questions and discussions after the conclusion of today's AMA. It's meant to complement existing outlets like blogs and TechNet forums by pr

... Read More

Hi,

Are there any plans to bring all security related events (and information) together into one single pane of glass? At the moment there are a lot of tabs I need to have open to get the holistic picture. Windows Defender ATP Portal, OMS, Intune, ASC, ATA e

... Read More
89 Views
2 Replies

Hi again ;)

 

you hope you have seen the integration WDATP, Office 365 ATP and (announced as on the roadmap) with MS ATA. This is a first step - investigating across prod

... Read More

Hi,

when will we be able to do memory dumps for forensics with Defender ATP?

A lot of the attacks we see are fileless these days, would be a nice feature!

 

/Mats 

 

195 Views
3 Replies

Hi Mats,

 

we are looking into providing this option. You know that with our latest update we enhanced our sensors with detection capabilities for in-memory and kernel ba

... Read More

Maybe I'm an outlier, but I liked using SCM as a single app. The new "toolkit" seems cumbersome, and maybe I haven't given it enough of a chance yet... but I'm used to SCM and it is very useful as a one-stop shop! We compare the MS baseline against a few

... Read More
89 Views
1 Reply

Thanks for sharing your thoughts. We'll pass on your feedback!

Best Response confirmed by Todd Godchaux (Occasional Contributor)

Hello,

can we expect more security trainings on MVA.

"Securing Privileged Access Workstations"  Virtual Lab would be a great help.

109 Views
3 Replies
Thank you for the suggestion. I'll forward it to the team. Since you brought it up, what are examples of what you consider to be great virtual labs in the MVA?

How secure is peer to peer? I've been reading up about peer cache and delivery optimization and there doesn't seem to be a lot written about the security of it all.

144 Views
3 Replies
To add: how secure is peer-to-peer for Windows Updates; for SMBs using Intune and/or WSUS on a domain, how would peer-to-peer have any additional value in terms of perfor... Read More

When will Win 10S be available to play with?

138 Views
1 Reply
At this point Windows 10 S is only available with new HW. The Surface Laptop is currently shipping as of June 15th.
For developers we have a simulated policy so that you ... Read More