From 3c3868085df7276539797ec9c3b897d7dfa3fa66 Mon Sep 17 00:00:00 2001
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com>
Date: Wed, 25 Apr 2018 16:18:29 -0400
Subject: [PATCH] Update windows-defender-exploit-guard.md

---
 .../windows-defender-exploit-guard.md                  | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index d09244ac19..dfe26a4f8f 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -61,19 +61,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e
 
 Each of the features in Windows Defender EG have slightly different requirements:
 
-![not supported](./images/check-no.png) (X) = not supported</br>
-![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited reporting</br>
-![supported](./images/check-yes.png)  (green checkmark) = supported, full reporting in the Windows Defender ATP console
-
 | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
 |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- |
-| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png)<sup>1,2</sup> | ![supported, limited](./images/check-blue.png)<sup>2</sup> | ![supported](./images/check-yes.png) |
-| Attack surface reduction | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) |
+| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png) | ![supported, limited](./images/check-blue.png)<sup>1,2</sup> | ![supported](./images/ball_full.png) |
+| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) |
 | Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported, limited](./images/check-blue.png)<sup>2</sup> | ![supported](./images/check-yes.png) |
 | Controlled Folder Access | ![supported, limited](./images/check-blue.png)<sup>2</sup> | ![supported, limited](./images/check-blue.png)<sup>2</sup> | ![supported, limited](./images/check-blue.png)<sup>2</sup> | ![supported](./images/check-yes.png) |
 
 > [!NOTE]
-> 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
+> 1 - Includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
 > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console.