Merge pull request #2256 from markwoMSFT/patch-2

Change kernal to kernel
2025-05-14 22:37:22 +00:00 · 2018-12-03 05:34:18 -08:00 · 2018-12-03 05:34:18 -08:00 · 43d3ff99a9
commit 43d3ff99a9
parent b1d16a790b 2d1efc37d8
1 changed files with 25 additions and 25 deletions
--- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@ -144,30 +144,30 @@ You can access these events in Windows Event viewer:

 Feature | Provider/source | Event ID | Description
 :-|:-|:-:|:-
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 1 | ACG audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 2 | ACG enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 3 | Do not allow child processes audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 4 | Do not allow child processes block
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 5 | Block low integrity images audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 6 | Block low integrity images block
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 7 | Block remote images audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 8 | Block remote images block
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 9 | Disable win32k system calls audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 10 | Disable win32k system calls block
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 11 | Code integrity guard audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 12 | Code integrity guard block
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 13 | EAF audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 14 | EAF enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 15 | EAF+ audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 16 | EAF+ enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 17 | IAF audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 18 | IAF enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 19 | ROP StackPivot audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 20 | ROP StackPivot enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 21 | ROP CallerCheck audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 22 | ROP CallerCheck enforce
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 23 | ROP SimExec audit
-Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 24 | ROP SimExec enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 2 | ACG enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 4 | Do not allow child processes block
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 6 | Block low integrity images block
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 8 | Block remote images block
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 10 | Disable win32k system calls block
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 12 | Code integrity guard block
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 13 | EAF audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 14 | EAF enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 15 | EAF+ audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 16 | EAF+ enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 17 | IAF audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 18 | IAF enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 19 | ROP StackPivot audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 20 | ROP StackPivot enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 21 | ROP CallerCheck audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 22 | ROP CallerCheck enforce
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 23 | ROP SimExec audit
+Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 24 | ROP SimExec enforce
 Exploit protection | WER-Diagnostics | 5 | CFG Block
 Exploit protection | Win32K (Operational) | 260 | Untrusted Font
 Network protection | Windows Defender (Operational) | 5007 | Event when settings are changed
@ -180,4 +180,4 @@ Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Contr
 Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event
 Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed
 Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode 
-Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode 
+Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode