Merge branch 'main' into docs-editor/microsoft-defender-core-servic-1718920030

Author: denisebmsft

defender-endpoint/mac-whatsnew.md

@@ -6,7 +6,7 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 06/17/2024
+ms.date: 06/21/2024
 audience: ITPro
 ms.collection:
 - m365-security
@@ -58,7 +58,7 @@ Behavior monitoring monitors process behavior to detect and analyze potential th
 | Build:             | **101.24042.0008**    |
 |--------------------|-----------------------|
 | Release version:   | **20.124042.8.0**    |
-| Engine version:    | **1.1.24050.7**       |
+| Engine version:    | **1.1.24040.1**       |
 | Signature version: | **1.413.13.0**       |
 
 #### What's new

defender-endpoint/review-detected-threats.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 - mde-edr
 ms.topic: conceptual
-ms.date: 05/29/2024
+ms.date: 06/21/2024
 ms.subservice: edr
 search.appverid: met150
 ---
@@ -39,15 +39,15 @@ In the Microsoft Defender portal, you can view and manage threat detections usin
 
 1. Visit [Microsoft XDR portal](https://security.microsoft.com/) and sign-in.
 
-    On the landing page, you'll see the **Devices with active malware** card with the following information:
+    On the landing page, you see the **Devices with active malware** card with the following information:
 
     - Display text: Applies to Intune-managed devices. Devices with multiple malware detections may be counted more than once.
     - Last updated date and time.
     - A bar with the Active and Malware remediated portions as per your scan.
 
     You can select **View Details** for more information.
 
-2. Once remediated, you'll see the following text being displayed:
+2. Once remediated, you see the following text being displayed:
 
     *Malware found on your devices have been remediated successfully*.
 
@@ -59,7 +59,7 @@ You can manage threat detections for any devices that are [enrolled in Microsoft
 
 2. In the navigation pane, select **Endpoint security**.
 
-3. Under **Manage**, select **Antivirus**. You'll see tabs for **Summary**, **Unhealthy endpoints**, and **Active malware**.
+3. Under **Manage**, select **Antivirus**. You see tabs for **Summary**, **Unhealthy endpoints**, and **Active malware**.
 
 4. Review the information on the available tabs, and then take action as necessary.
 
@@ -72,20 +72,23 @@ You can manage threat detections for any devices that are [enrolled in Microsoft
 
 ## FAQs
 
-### In the Microsoft XDR portal > Devices with active malware > Devices with malware detections report, why does the Last update seem to be occurring today?
+#### In the Microsoft XDR portal > Devices with active malware > Devices with malware detections report, why does the Last update seem to be occurring today?
 
-To see when the malware was detected, you can do the following:
+To see when the malware was detected, you can take the following steps:
 
 1. Since this is an integration with Intune, visit [**Intune portal**](https://intune.microsoft.com) and select **Antivirus** and then select **Active malware** tab.
+
 2. Select **Export**.
-3. On your device, go to Downloads, and extract the Active malware_YYYY_MM_DD_THH_MM_SS.0123Z.csv.zip.
+
+3. On your device, go to Downloads, and extract the `Active malware_YYYY_MM_DD_THH_MM_SS.0123Z.csv.zip` file.
+
 4. Open the CSV and find the **LastStateChangeDateTime** column to see when malware was detected.
 
-### In the devices with malware detections report, why can't I see any information about which malware was detected on the device.
+#### In the devices with malware detections report, why can't I see any information about which malware was detected on the device.
 
-To see the malware name, visit the [Intune portal](https://intune.microsoft.com) as this is an integration with Intune, select **Antivirus**,  and select **Active malware** tab and you'll see a column named **Malware name**.
+To see the malware name, visit the [Intune portal](https://intune.microsoft.com) as this is an integration with Intune, select **Antivirus**,  and select **Active malware** tab and you see a column named **Malware name**.
 
-### I see a different number for active malware in Devices with active malware report, when compared to numbers I see using Reports > Detected malware, and Intune > Antivirus > Active malware.
+#### I see a different number for active malware in Devices with active malware report, when compared to numbers I see using Reports > Detected malware, and Intune > Antivirus > Active malware.
 
 The **Devices with active malware** report is based on the devices that were active within the last 1 day (24 hours) and had malware detections within the last 15 days.
 
@@ -106,16 +109,21 @@ on DeviceName
 | distinct DeviceName, DeviceId, Title, AlertId, Timestamp
 ```
 
-### I searched the computer name in the top search bar and got two devices with the same name. I don't know which one of those two devices the report is referring to?
+#### I searched the computer name in the top search bar and got two devices with the same name. I don't know which one of those two devices the report is referring to?
 
 Use the Advanced Hunting query that is mentioned [here](#i-see-a-different-number-for-active-malware-in-devices-with-active-malware-report-when-compared-to-numbers-i-see-using-reports--detected-malware-and-intune--antivirus--active-malware) for details such as unique DeviceID, Title, AlertID, and the remediation process. After identifying, work with your IT admin's to make sure that the devices are uniquely named. If a device is retired, use [tags to decommission it.](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectively-part-1/ba-p/1964058)
 
-### I see malware detection in Intune and on the Devices with active malware report, but I don't see it in the MDE Alerts queue or in the Incidents queue.
+#### I see malware detection in Intune and on the Devices with active malware report, but I don't see it in the MDE Alerts queue or in the Incidents queue.
 
 It might be that the URL's [Cloud Protection](configure-network-connections-microsoft-defender-antivirus.md) is currently not being allowed through your firewall or proxy.
 
 You need to ensure that when you run `%ProgramFiles%\Windows Defender\MpCmdRun.exe -ValidateMapsConnection` on your device, the reporting is Ok.
 
+#### I see a device that has been inactive for 180+ days but still showing up on the report for 'Devices with active malware'.  The device doesn't show in the "Device inventory", can't be turned on and can't be offboarded from Microsoft Defender for Endpoint.
+
+  
+The device has not been [retired](/mem/intune/remote-actions/devices-wipe) from Intune.
+
 ## Related articles
 
 - [Alerts in Microsoft Defender for Endpoint](investigate-alerts.md)

defender-endpoint/run-analyzer-macos-linux.md

@@ -297,7 +297,7 @@ Usage example: `sudo ./mde_support_tool.sh skipfaultyrules -e true`
 
 - report.html
 
-  Description: The main HTML output file that contains the findings and guidance that the analyzer script run on the machine can produce.
+  Description: The main HTML output file that contains the findings and guidance from running the client analyzer tool on the device. This file is only generated when running the Python-based version of the client analyzer tool.
 
 - mde_diagnostic.zip
 

defender-vulnerability-management/fixed-reported-inaccuracies.md

@@ -32,14 +32,36 @@ This article provides information on inaccuracies that have been reported. You c
 
 The following tables present the relevant vulnerability information organized by month:
 
+## June 2024
+
+| Inaccuracy report ID | Description | Fix date |
+|---|---|---|
+| 55309 | Fixed inaccuracy in Google One | 01-June-24 |
+| - | Defender Vulnerability Management doesn't currently support CVE-2020-17381 | 02-June-24 |
+| - | Fixed inaccuracy in CVE-2024-21410 | 10-June-24 |
+
+
 ## May 2024
 
 | Inaccuracy report ID | Description | Fix date |
 |---|---|---|
+| - | Fixed inaccuracy in CVE-2023-46838 | 05-May-24 |
+| - | Fixed inaccuracy in CVE-2024-3094 | 05-May-24 |
 | - | Fixed inaccuracy in Microsoft Visual Studio Code | 06-May-24 |
+| - | Fixed inaccuracy in CVE-2024-1403 | 06-May-24 |
 | - | Added Microsoft Defender Vulnerability Management support to NextGen Mirth Connect | 08-May-24 |
 | 54538 | Fixed inaccuracy in Pippo product | 08-May-24 |
 | - | Fixed inaccuracy in FortiClient Endpoint Management | 08-May-24 |
+| - | Added accurate EOS details for D-Link products | 15-May-24 |
+| 54786 | Fixed inaccuracy in CVE-2024-31497 | 16-May-24 |
+| 56667 | Fixed inaccuracy in CURL vulnerabilities - CVE-2023-28319 & CVE-2023-28320 | 16-May-24 |
+| - | Defender Vulnerability Management doesn't currently support CVE-2024-20666 | 20-May-24 |
+| 56287 | Fixed inaccuracy in CVE-2021-32823 | 20-May-24 |
+| 57278 | Defender Vulnerability Management doesn't currently support Lenovo Thinkpad P16 Gen1 Firmware | 20-May-24 |
+| 50565 | Fixed inaccuracy in Adobe experience Manager Desktop | 21-May-24 |
+| 55190 | Fixed inaccuracy in Abbyy Finereader PDF and Engine | 21-May-24 |
+| 49836 | Fixed inaccuracy in Progress OpenEdge | 26-May-24 |
+| 57299 | Fixed inaccuracy in CVE-2021-33214 & CVE-2020-14498 | 29-May-24 |
 
 ## April 2024
 
@@ -62,6 +84,7 @@ The following tables present the relevant vulnerability information organized by
 | 48996 | Fixed inaccuracy in Connectwise ScreenConnect Client | 16-Apr-24 |
 | - | Fixed inaccurate product considerations in Apple | 16-Apr-24 |
 | 49565 | Fixed inaccuracy in GitHub vulnerabilities - CVE-2012-2055 and CVE-2024-0727 | 16-Apr-24 |
+| 54684 | Defender Vulnerability Management doesn't currently support Lenovo Thinkpad T590 Firmware | 30-Apr-24 |
 
 ## March 2024