diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 40259ea853..6d0bc2db0a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -68,7 +68,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De You can review the Windows event log to see events that are created when an Attack Surface Reduction rule is triggered (or audited): -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *asr-events.xml* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *asr-events.xml* to an easily accessible location on the machine. 1. Type **Event viewer** in the Start menu to open the Windows Event Viewer. diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index e1489c622b..e2f11fc337 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -52,7 +52,7 @@ Audit applies to individual mitigations | [Enable Exploit Protection](enable-exp You can also use the a custom PowerShell script that enables the features in audit mode automatically: -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *Enable-ExploitGuardAuditMode.ps1* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *Enable-ExploitGuardAuditMode.ps1* to an easily accessible location on the machine. 1. Type **powershell** in the Start menu. diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index f0f0b00b43..c64d76ea70 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -69,7 +69,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De You can review the Windows event log to see events that are created when Controlled Folder Access blocks (or audits) an app: -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *cfa-events.xml* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine. 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index c763bf4b93..e8476084c9 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -51,7 +51,7 @@ This topic helps you evaluate Attack Surface Reduction. It explains how to demo Use the **ExploitGuard ASR test tool** app to see how Attack Surface Reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines. The tool is part of the Windows Defender Exploit Guard evaluation package: -- [Download the Exploit Guard Evaluation Package](#) +- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) This tool has a simple user interface that lets you choose a rule, configure it in blocking, audit, or disabled mode, and run a pre-created series of actions that would be evaluated by the rule. diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index 204d1e659b..078e187c83 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -50,7 +50,7 @@ This topic helps you evaluate Controlled Folder Access. It explains how to demo Use the **ExploitGuard CFA File Creator** tool to see how Controlled Folder Access can prevent a suspicious app from creating files in protected folders. The tool is part of the Windows Defender Exploit Guard evaluation package: -- [Download the Exploit Guard Evaluation Package](#) +- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) This tool can be run locally on an individual machine to see the typical behavior of Controlled Folder Access. The tool is considered by Windows Defender Exploit Guard to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders. diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 8fd6e5bac9..bc6e1304a2 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -94,7 +94,7 @@ Lastly, we can disable the mitigation so that Internet Explorer works properly a You can now review the events that Exploit Protection sent to the Windows Event log to confirm what happened: -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *ep-events.xml* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine. 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index 58d87c0668..54066d6d43 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -39,11 +39,11 @@ This topic lists all the events, their associated feature or setting, and descri You can create custom views in the Windows Event Viewer to only see events for specific features and settings. -The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](#), or you can copy the XML directly from this page. +The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page. ### Import an existing XML custom view -1. Download the [Exploit Guard Evaluation Package](#) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views: +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views: - Controlled Folder Access events custom view: *cfa-events.xml* - Exploit Protection events custom view: *ep-events.xml* - Attack Surface Reduction events custom view: *asr-events.xml* diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 3f5642bf11..da95d71d01 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -70,7 +70,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full re You can review the Windows event log to see events that are created when Exploit Protection blocks (or audits) an app: -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *ep-events.xml* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine. 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. diff --git a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index d97fe0df4f..c864cb9ed7 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -51,7 +51,7 @@ You can also convert and import an existing EMET configuration XML file into an This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration. -The [Exploit Guard Evaluation Package](#) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit Protection and then review the settings in the Windows Defender Security Center app, as described further in this topic. +The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit Protection and then review the settings in the Windows Defender Security Center app, as described further in this topic. diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 69475e5cee..23953b3eb1 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -64,7 +64,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De You can review the Windows event log to see events that are created when Network Protection blocks (or audits) access to a malicious IP or domain: -1. Download the [Exploit Guard Evaluation Package](#) and extract the file *np-events.xml* to an easily accessible location on the machine. +1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine. 1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.