deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #3032 from msbemba/patch-3

Browse Source 
Update network-protection-exploit-guard.md
This commit is contained in:
Justin Hall 2019-03-28 15:28:50 -07:00 committed by GitHub
commit 2d96ebdabc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
View File

@ -53,17 +53,11 @@ You can query Windows Defender ATP data by using [Advanced hunting](https://docs
You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain:
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine.
1. [Copy the XML directly](event-views-exploit-guard.md).
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
2. Click **OK**.
2. On the left panel, under **Actions**, click **Import custom view...**
3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
5. This will create a custom view that filters to only show the following events related to network protection:
3. This will create a custom view that filters to only show the following events related to network protection:
Event ID | Description
-|-