diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index f44be6d234..025616a35a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -28,7 +28,7 @@ ms.date: 08/25/2017 - Enterprise security administrators -You can enable each of the features of Windows Defender Explot Guard in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. +You can enable each of the features of Windows Defender Exploit Guard in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period. @@ -58,7 +58,7 @@ You can also use the a custom PowerShell script that enables the features in aud 2. Right-click **Windows PowerShell**, click **Run as administrator** and click **Yes** or enter admin credentials at the prompt. -3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audie mode: +3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audit mode: ```PowerShell Set-ExecutionPolicy Bypass -Force \Enable-ExploitGuardAuditMode.ps1 diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index cd9a452a41..8845aed6d0 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md 
+++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -86,7 +86,7 @@ Audit mode allows the rule to report as if it actually blocked the file or proce If you've tested the rule with the demo tool and with audit mode, and ASR is working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation: 1. If the ASR rule is blocking something that it should not block (also known as a false positive), you can [first add an ASR exclusion](#add-exclusions-for-a-false-positive). -2. If the ASR rule is not blocking something that it should block (also known as a false negative), you can proceed immeidately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data). +2. If the ASR rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data). ## Add exclusions for a false positive
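Review bot: In the second hunk of audit-windows-defender-exploit-guard.md, the command that step 3 introduces, `Set-ExecutionPolicy Bypass -Force`, has no `-Scope`, so it applies at the default LocalMachine scope and leaves script execution unrestricted on the machine after the audit script has finished. While this step is being edited, consider changing it to `Set-ExecutionPolicy Bypass -Scope Process -Force` so the bypass ends with the PowerShell session. Two smaller points in the same hunk: the script path in that code block begins with a bare `\` (`\Enable-ExploitGuardAuditMode.ps1`), which reads as a missing folder or placeholder, and the hunk header context still says "use the a custom PowerShell script", a typo this pass could fix along with "audie".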