Changed procedures in three asr topics.

Andrea Bichsel
2018-11-06 10:52:52 -08:00
parent e9e0ada9ed
commit 3b8b739a0f
3 changed files with 14 additions and 9 deletions


@ -184,8 +184,6 @@ You can review the Windows event log to see events that are created when an atta
3. On the left panel, under **Actions**, click **Import custom view...**
![Animation showing the import custom view on the Event viewer window](images/events-import.gif)
4. Navigate to the Exploit Guard Evaluation Package, and select the file *asr-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
5. Click **OK**.
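Review bot: Step 3 in this hunk ends with `click **Import custom view...**` and no closing period, while the same step in the controlled folder access topic is written `**Import custom view...**.` with one. Pick one form and use it in all three topics, since the procedures are meant to read identically. The hunk header also shows a net loss of two lines (8 to 6) in this procedure; the commit message should say which steps were dropped and why.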


@ -38,6 +38,12 @@ You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate ho
Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md).
## Review controlled folder access events in the Windows Defender ATP Security Center
Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
## Review controlled folder access events in Windows Event Viewer
You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app:
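Review bot: The Advanced hunting link in the added paragraph is an absolute `https://docs.microsoft.com/en-us/...` URL with the locale pinned, while every other link in this hunk (audit mode, alert investigation, real-time protection) is a relative `.md` path. Suggest a relative link under `../windows-defender-atp/`, as the alert investigation link on the previous line already does, so the link is not forced to en-us and moves with the repository like the others.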
@ -48,8 +54,6 @@ You can review the Windows event log to see events that are created when control
3. On the left panel, under **Actions**, click **Import custom view...**.
![Animation showing the import custom view on the Event viewer window](images/events-import.gif)
4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
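Review bot: Two consecutive items in this list are numbered 4 (`4. Navigate to where you extracted *cfa-events.xml*...` followed by `4. Click **OK**.`). Markdown will renumber on render, but the source should read 4 then 5 so it matches the other topic's procedure and stays correct if the list is ever broken by an intervening paragraph. Step 3 here ends with a period after `**Import custom view...**` where the other two topics do not; align them.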


@ -41,6 +41,11 @@ Windows 10 version | Windows Defender Antivirus
- | -
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
## Review network protection events in the Windows Defender ATP Security Center
Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
## Review network protection events in Windows Event Viewer
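Review bot: The two paragraphs added under "Review network protection events in the Windows Defender ATP Security Center" are the same text as the controlled folder access section in this commit with only the feature name swapped, including the same locale-pinned absolute Advanced hunting URL. Copies like this drift apart over time; consider a shared include or at least fix the link form in both places in the same change. The new section also tells the reader they can query with Advanced hunting without naming what to look for, so a one-line pointer to the relevant event type would make it actionable.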
@ -52,8 +57,6 @@ You can review the Windows event log to see events that are created when network
2. On the left panel, under **Actions**, click **Import custom view...**
![Antimation of the import custom view option](images/events-import.gif)
3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
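Review bot: The image alt text in this hunk reads `Antimation of the import custom view option`, a typo for "Animation". Since alt text is what screen readers announce, fix it, and consider reusing the wording from the other two topics (`Animation showing the import custom view on the Event viewer window`) because all three point at the same `images/events-import.gif`. This procedure is also numbered 2 to 4 where the other two topics number the same steps 3 to 5; confirm that a preceding step was not lost here.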