Merge branch 'shdyas' of https://github.com/MicrosoftDocs/defender-docs-pr into shdyas

Author: shdyas

defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md

@@ -9,7 +9,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.subservice: ngp
-ms.date: 02/16/2024
+ms.date: 05/30/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -23,7 +23,7 @@ search.appverid: met150
 **Applies to:**
 - [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- Microsoft Defender Antivirus
+- [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md)
 
 **Platforms**
 - Windows 

defender-endpoint/mac-whatsnew.md

@@ -6,7 +6,7 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: dansimp
 ms.localizationpriority: medium
-ms.date: 05/07/2024
+ms.date: 05/30/2024
 audience: ITPro
 ms.collection:
 - m365-security
@@ -53,6 +53,18 @@ Microsoft Defender for Endpoint no longer supports Big Sur (11)
 
 Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them. To learn more, see [Behavior Monitoring in Microsoft Defender for Endpoint on macOS](behavior-monitor-macos.md).
 
+### May-2024 (Build: 101.24042.0008  | Release version: 20.124042.8.0)
+
+| Build:             | **101.24042.0008**    |
+|--------------------|-----------------------|
+| Release version:   | **20.124042.8.0**    |
+| Engine version:    | **1.1.24050.7**       |
+| Signature version: | **1.413.13.0**       |
+
+#### What's new
+
+- Bug and performance fixes
+
 ### Apr-2024 (Build: 101.24032.0006  | Release version: 20.124032.06.0)
 
 | Build:             | **101.24032.0006**    |
@@ -998,9 +1010,4 @@ Network protection for macOS is now available for all Mac devices onboarded to D
 
 - Performance improvements & bug fixes
 
-
-
-
-
-
-[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
+[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/malware/exploits-malware.md

@@ -2,9 +2,7 @@
 title: Exploits and exploit kits
 ms.reviewer: 
 description: Learn about how exploits use vulnerabilities in common software to give attackers access to your computer and install other malware.
-keywords: security, malware, exploits, exploit kits, prevention, vulnerabilities, Microsoft, Exploit malware family, exploits, java, flash, adobe, update software, prevent exploits, exploit pack, vulnerability, 0-day, holes, weaknesses, attack, Flash, Adobe, out-of-date software, out of date software, update, update software, reinfection, Java cache, reinfected,  won't remove, won't clean, still detects, full scan, MSE, Defender, WDSI, MMPC, Microsoft Malware Protection Center
 ms.service: defender-endpoint
-ms.mktglfcycl: secure
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
@@ -15,7 +13,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 03/18/2022
+ms.date: 05/30/2024
 ---
 
 # Exploits and exploit kits
@@ -36,7 +34,7 @@ The infographic below shows how an exploit kit might attempt to exploit a device
 
 *Figure 1. Example of how to exploit kits work*
 
-Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 to launch malware.
+Notable threats use exploit kits to spread ransomware, including JSSLoader. The threat actor tracked by Microsoft as Storm-0324 (DEV-0324) uses this malware to facilitate access for the ransomware-as-a-service (RaaS) actor [Sangria Tempest](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#ELBRUS] (ELBRUS, Carbon Spider, FIN7).
 
 Examples of exploit kits:
 
@@ -61,4 +59,4 @@ You can read more on the [CVE website](https://cve.mitre.org/).
 
 The best prevention for exploits is to keep your organization's [software up to date](https://portal.msrc.microsoft.com/). Software vendors provide updates for many known vulnerabilities, so make sure these updates are applied to all devices.
 
-For more general tips, see [prevent malware infection](prevent-malware-infection.md).
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).

defender-endpoint/mde-p1-setup-configuration.md

@@ -10,7 +10,7 @@ ms.topic: overview
 ms.service: defender-endpoint
 ms.subservice: onboard
 ms.localizationpriority: medium
-ms.date: 09/13/2023
+ms.date: 05/31/2024
 ms.reviewer: shlomiakirav
 f1.keywords: NOCSH
 ms.collection: 
@@ -208,21 +208,20 @@ We recommend using Intune to configure controlled folder access.
 
 :::image type="content" source="/defender/media/mde-p1/mem-asrpolicies.png" alt-text="attack surface reduction policies in the Intune portal" lightbox="/defender/media/mde-p1/mem-asrpolicies.png":::
 
-1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in. 
+1. Go to the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) and sign in. 
 
 2. Select **Endpoint Security**, and then select **Attack Surface Reduction**.
 
 3. Choose **+ Create Policy**. 
 
-4. For **Platform**, select **Windows 10 and later**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**. 
+4. For **Platform**, select **Windows 10, Windows 11, and Windows Server**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**. 
 
 5. On the **Basics** tab, name the policy and add a description. Select **Next**. 
 
-6. On the **Configuration settings** tab, in the **Attack Surface Reduction Rules** section, scroll down to the bottom. In the **Enable folder protection** drop-down, select **Enable**. You can optionally specify these other settings:
+6. On the **Configuration settings** tab, in the **Attack Surface Reduction Rules** section, scroll down to the bottom. In the **Enable Controlled Folder Access** drop-down, select **Enable**. You can optionally specify these other settings:
 
-   - Next to **List of additional folders that need to be protected**, select the drop-down menu, and then add folders that need to be protected.
-   - Next to **List of apps that have access to protected folders**, select the drop-down menu, and then add apps that should have access to protected folders.
-   - Next to **Exclude files and paths from attack surface reduction rules**, select the drop-down menu, and then add the files and paths that need to be excluded from attack surface reduction rules.
+   - Next to **Controlled Folder Access Protected Folders**, toggle the switch to **Configured**, and then add folders that need to be protected.
+   - Next to **Controlled Folder Access Allowed Applications**, toggle the switch to **Configured**, and then add apps that should have access to protected folders.
 
    Then choose **Next**.
 

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 05/08/2024
+ms.date: 05/30/2024
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -105,7 +105,9 @@ In general you need to take the following steps:
     > [!NOTE]
     > Distributions and version that are not explicitly listed are unsupported (even if they are derived from the officially supported distributions).
     > With RHEL 6 support for 'extended end of life' coming to an end by June 30, 2024; MDE Linux support for RHEL 6 will also be deprecated by June 30, 2024
-    > MDE Linux version 101.23082.0011 is the last MDE Linux release supporting RHEL 6.7 or higher versions (does not expire before June 30, 2024). Customers are advised to plan upgrades to their RHEL 6 infrastructure aligned with guidance from Red Hat. 
+    > MDE Linux version 101.23082.0011 is the last MDE Linux release supporting RHEL 6.7 or higher versions (does not expire before June 30, 2024). Customers are advised to plan upgrades to their RHEL 6 infrastructure aligned with guidance from Red Hat.
+    >
+    > Microsoft Defender Vulnerablity Management is not supported on Alma currently.
 
 - List of supported kernel versions
 
@@ -255,4 +257,3 @@ High I/O workloads from certain applications can experience performance issues w
 - [Turn on network protection for Linux](network-protection-linux.md)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
-

defender-endpoint/windows-whatsnew.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
-ms.date: 11/06/2023
+ms.date: 05/30/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -45,7 +45,7 @@ All updates contain:
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr))
 
-## April-2024 (Release version: 10.8750)
+## May-2024 (Release version: 10.8750)
 
 |OS  |KB  |Release version |
 | -------- | -------- | -------- |