From 2650f302b61b16b5037656a2360d00a652c7e20c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:35:51 -0800
Subject: [PATCH] Update attack-surface-reduction.md

---
 .../microsoft-defender-atp/attack-surface-reduction.md   | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 72473b65c6..cf10e80626 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -64,7 +64,7 @@ Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
  
-Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
+Microsoft Defender Antivirus must be running with real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed.
 - Minimum platform release requirement: `4.18.2008.9`  
@@ -126,13 +126,9 @@ DeviceEvents
 You can review the Windows event log to view events generated by attack surface reduction rules:
 
 1. Download the [Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the device.
-
 2. Enter the words, *Event Viewer*, into the Start menu to open the Windows Event Viewer.
-
 3. Under **Actions**, select **Import custom view...**.
-
 4. Select the file *cfa-events.xml* from where it was extracted. Alternatively, [copy the XML directly](event-views.md).
-
 5. Select **OK**.
 
 You can create a custom view that filters events to only show the following events, all of which are related to controlled folder access:
@@ -465,9 +461,6 @@ GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35`
 ## See also
 
 - [Attack surface reduction FAQ](attack-surface-reduction-faq.md)
-
 - [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
-
 - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
-
 - [Compatibility of Microsoft Defender Antivirus with other antivirus/antimalware solutions](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)