From 2d1efc37d84f27dbf0e9cd4a1384424767a37366 Mon Sep 17 00:00:00 2001 From: markwoMSFT <33707208+markwoMSFT@users.noreply.github.com> Date: Sun, 2 Dec 2018 23:10:03 -0800 Subject: [PATCH] Change kernal to kernel --- .../event-views-exploit-guard.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index 5f32c57193..f04964a7cd 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md 
@@ -144,30 +144,30 @@ You can access these events in Windows Event viewer: Feature | Provider/source | Event ID | Description :-|:-|:-:|:- -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 1 | ACG audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 2 | ACG enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 3 | Do not allow child processes audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 4 | Do not allow child processes block -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 5 | Block low integrity images audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 6 | Block low integrity images block -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 7 | Block remote images audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 8 | Block remote images block -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 9 | Disable win32k system calls audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 10 | Disable win32k system calls block -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 11 | Code integrity guard audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 12 | Code integrity guard block -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 13 | EAF audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 14 | EAF enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 15 | EAF+ audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 16 | EAF+ enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 17 | IAF audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 18 | IAF enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 19 | ROP StackPivot audit -Exploit protection | Security-Mitigations 
(Kernal Mode/User Mode) | 20 | ROP StackPivot enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 21 | ROP CallerCheck audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 22 | ROP CallerCheck enforce -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 23 | ROP SimExec audit -Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 24 | ROP SimExec enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 2 | ACG enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 4 | Do not allow child processes block +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 6 | Block low integrity images block +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 8 | Block remote images block +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 10 | Disable win32k system calls block +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 12 | Code integrity guard block +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 13 | EAF audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 14 | EAF enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 15 | EAF+ audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 16 | EAF+ enforce +Exploit 
protection | Security-Mitigations (Kernel Mode/User Mode) | 17 | IAF audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 18 | IAF enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 19 | ROP StackPivot audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 20 | ROP StackPivot enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 21 | ROP CallerCheck audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 22 | ROP CallerCheck enforce +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 23 | ROP SimExec audit +Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 24 | ROP SimExec enforce Exploit protection | WER-Diagnostics | 5 | CFG Block Exploit protection | Win32K (Operational) | 260 | Untrusted Font Network protection | Windows Defender (Operational) | 5007 | Event when settings are changed @@ -180,4 +180,4 @@ Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Contr Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode -Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode \ No newline at end of file +Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode
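Review bot: In the @@ -144,30 +144,30 @@ hunk, the 24 rewritten Security-Mitigations rows still mix two words for the non-audit event of each pair: IDs 2, 14, 16, 18, 20, 22 and 24 say "enforce", while IDs 4, 6, 8, 10 and 12 say "block". Every one of these rows is already being touched for the spelling fix, so this is a good moment to settle on one term and give anyone filtering on the description a consistent audit/enforce pairing. The provider cell "(Kernel Mode/User Mode)" also does not say which of the two logs a given ID is written to; a per-row indication would help someone building an Event Viewer custom view from this table.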
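Review bot: In the @@ -180,4 +180,4 @@ hunk, the ID 1121 row is textually identical before and after; the only change is the newline added at end of file, which the subject "Change kernal to kernel" does not mention. Keeping that fix is fine, but a line in the commit message would explain the 25th insertion and deletion in the diffstat. While this row is being rewritten, note that "Block-mode" here and "Audit-mode" in the 1122 row above it are hyphenated and capitalised, unlike the "audit" and "block" wording used in the other rows of the table.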