fixed links

Justin Hall
2019-03-26 19:06:16 -07:00
parent ff0a652c8d
commit 55f2f9d785
6 changed files with 20 additions and 13 deletions

View File

@ -236,7 +236,7 @@ SCCM name: Not applicable
GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
## Review attack surface reduction in Windows Event Viewer ## Review attack surface reduction events in Windows Event Viewer
You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app: You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app:
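Review bot: Renaming the heading to `## Review attack surface reduction events in Windows Event Viewer` changes the anchor generated for this section, so any page that still links to the fragment derived from the old heading will no longer resolve to it. Search the repo for the old fragment before merging. The audit table updated in this commit is one inbound link, and it may not be the only one.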

View File

@ -40,9 +40,9 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs)
Audit options | How to enable audit mode | How to view events Audit options | How to enable audit mode | How to view events
- | - | - - | - | -
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer) Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | [Controlled folder access events](evaluate-controlled-folders.md#review-controlled-folder-access-events-in-windows-event-viewer)
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md) Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
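Review bot: In the network protection row, the new target `evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer` depends on a heading that this commit does not visibly add. The controlled folder access row is different: a heading matching its new fragment is added elsewhere in this commit. Confirm the network protection heading exists in the target file. The exploit protection row also still carries `#enable-and-audit-exploit-protection` while the equivalent fragments were dropped from the controlled folder access and network protection rows, so check that this anchor is still valid as well.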

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 11/16/2018 ms.date: 03/26/2019
--- ---
# Customize exploit protection # Customize exploit protection
@ -156,7 +156,7 @@ Get-ProcessMitigation -Name processName.exe
> >
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied. >For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
> >
>The default setting for each system-level mitigation can be seen in the Windows Security, as described in the [Configure system-level mitigations with the Windows Security app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app). >The default setting for each system-level mitigation can be seen in the Windows Security.
Use `Set` to configure each mitigation in the following format: Use `Set` to configure each mitigation in the following format:
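Review bot: The rewritten note line now ends with "can be seen in the Windows Security.", which reads as a truncated sentence once the "app section above" link text is removed. Suggest "can be seen in the Windows Security app." and, if the section on configuring system-level mitigations still exists in this topic, repoint the link to its current anchor instead of dropping the cross-reference.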

View File

@ -120,7 +120,7 @@ Get-ProcessMitigation -Name processName.exe
> >
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied. >For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
> >
>The default setting for each system-level mitigation can be seen in the Windows Security, as described in the [Configure system-level mitigations with the Windows Security app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app). >The default setting for each system-level mitigation can be seen in the Windows Security.
Use `Set` to configure each mitigation in the following format: Use `Set` to configure each mitigation in the following format:
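Review bot: The last note line in this hunk has the same truncated wording, "in the Windows Security.", as the identical change in the customize exploit protection topic, and needs "app" restored. Both files carry this note verbatim, so apply the wording fix to both in the same change to keep them from drifting.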

View File

@ -45,7 +45,14 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
>If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). >If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders-exploit-guard.md). You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders-exploit-guard.md).
For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md). ## Review controlled folder access events in Windows Event Viewer
The following controlled folder access events appear in Windows Event Viewer.
Event ID | Description
5007 | Event when settings are changed
1124 | Audited controlled folder access event
1123 | Blocked controlled folder access event
## Customize protected folders and apps ## Customize protected folders and apps
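Review bot: The added event table goes straight from `Event ID | Description` to the `5007` row with no header separator row, so as shown it will render as plain text and not as a table. The audit topic's table in this commit uses a `- | -` row for that purpose, and the same row is needed here. The hunk also removes the pointer to the audit Windows Defender Exploit Guard topic without a replacement, so consider keeping that sentence ahead of the new section.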

View File

@ -12,7 +12,7 @@ ms.date: 04/16/2018
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 08/08/2018 ms.date: 03/26/2019
--- ---
# View attack surface reduction events # View attack surface reduction events
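Review bot: The hunk header context shows an `ms.date: 04/16/2018` line earlier in the same front matter, and this hunk updates a second `ms.date` key a few lines below it, so the metadata block appears to define the key twice. Remove the stale entry so the front matter has a single `ms.date: 03/26/2019`.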
@ -35,7 +35,7 @@ You can create custom views in the Windows Event Viewer to only see events for s
The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page. The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page.
You can also manually navigate to the event area that corresponds to the feature. For more details, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic. You can also manually navigate to the event area that corresponds to the feature.
### Import an existing XML custom view ### Import an existing XML custom view
@ -43,7 +43,7 @@ You can also manually navigate to the event area that corresponds to the feature
- Controlled folder access events custom view: *cfa-events.xml* - Controlled folder access events custom view: *cfa-events.xml*
- Exploit protection events custom view: *ep-events.xml* - Exploit protection events custom view: *ep-events.xml*
- Attack surface reduction events custom view: *asr-events.xml* - Attack surface reduction events custom view: *asr-events.xml*
- Network protection events custom view: *np-events.xml* - Network/ protection events custom view: *np-events.xml*
1. Type **event viewer** in the Start menu and open **Event Viewer**. 1. Type **event viewer** in the Start menu and open **Event Viewer**.
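Review bot: The changed list item introduces a typo, `Network/ protection events custom view`, with a stray slash and space that were not in the original line. Revert it to `Network protection events custom view: *np-events.xml*`. The item contained no link, so it did not need touching in a link-fix commit.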
@ -55,7 +55,7 @@ You can also manually navigate to the event area that corresponds to the feature
4. Click **Open**. 4. Click **Open**.
5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events). 5. This will create a custom view that filters to only show the events related to that feature.
### Copy the XML directly ### Copy the XML directly
@ -73,7 +73,7 @@ You can also manually navigate to the event area that corresponds to the feature
4. Click **OK**. Specify a name for your filter. 4. Click **OK**. Specify a name for your filter.
5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events). 5. This will create a custom view that filters to only show the events related to that feature.
### XML for attack surface reduction rule events ### XML for attack surface reduction rule events