added table

2025-05-14 06:17:22 +00:00 · 2019-04-02 09:22:07 -07:00 · 2019-04-02 09:22:07 -07:00 · 209ac57f8b
commit 209ac57f8b
parent f1d2030fbc
2 changed files with 12 additions and 11 deletions
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 03/26/2018
+ms.date: 04/02/2019
 ---

 # Reduce attack surfaces with attack surface reduction rules 
@ -236,15 +236,6 @@ SCCM name: Not applicable

 GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

-## Review attack surface reduction events in Windows Event Viewer
-
-You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app:
-
-Event ID | Description
-5007     | Event when settings are changed
-1121     | Event when an attack surface reduction rule fires in audit mode
-1122     | Event when an attack surface reduction rule fires in block mode
-

 ## Related topics

--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 11/16/2018
+ms.date: 04/02/2019
 ---

 # Evaluate attack surface reduction rules
@ -45,6 +45,16 @@ This enables all attack surface reduction rules in audit mode.
 >If you want to fully audit how attack surface reduction rules will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
 You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack surface reduction rules topic](attack-surface-reduction-exploit-guard.md).

+## Review attack surface reduction events in Windows Event Viewer
+
+You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app:
+
+| Event ID | Description |
+|----------|-------------|
+|5007      | Event when settings are changed |
+| 1121     | Event when an attack surface reduction rule fires in audit mode |
+| 1122     | Event when an attack surface reduction rule fires in block mode |
+
 ## Customize attack surface reduction rules

 During your evaluation, you may wish to configure each rule individualy or exclude certain files and processes from being evaluated by the feature.