From 0519e9264e18abbb1bd4c50807475b09ed546da3 Mon Sep 17 00:00:00 2001
From: Aacer Daken <41165107+AaDake@users.noreply.github.com>
Date: Wed, 10 Jun 2020 13:41:59 -0700
Subject: [PATCH] Update kernel-dma-protection-for-thunderbolt.md

Updated document with new snapshot of device manager
---
 .../kernel-dma-protection-for-thunderbolt.md                    | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index 8cdba0cc57..eeca0b68d5 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -103,6 +103,8 @@ No, Kernel DMA Protection only protects against drive-by DMA attacks after the O
 DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of 2 means that the device driver supports DMA-remapping. If the property is not available, then the policy is not set by the device driver (i.e. the device driver does not support DMA-remapping).
 Please check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external).
 
+![Kernel DMA protection user experience](images/device_details_tab_1903.png)
+
 *For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the following image. 
 
 ![Kernel DMA protection user experience](images/device-details-tab.png)