Corrected capitalization, changed ASR to ASR rules

This commit is contained in:
Andrea Bichsel
2018-09-18 11:53:06 -07:00
parent fc41f21c1c
commit 630a97cbbc
28 changed files with 274 additions and 633 deletions

@ -1,5 +1,5 @@
---
title: Troubleshoot problems with Attack surface reduction rules
title: Troubleshoot problems with attack surface reduction rules
description: Check pre-requisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking
search.product: eADQiWindows 10XVcnh
@ -14,23 +14,17 @@ ms.author: v-anbic
ms.date: 05/17/2018
---
# Troubleshoot Attack surface reduction rules
# Troubleshoot attack surface reduction rules
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- IT administrators
When you use [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as:
When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as:
- A rule blocks a file, process, or performs some other action that it should not (false positive)
- A rule does not work as described, or does not block a file or process that it should (false negative)
There are four steps to troubleshooting these problems:
1. Confirm that you have met all pre-requisites
@ -38,11 +32,9 @@ There are four steps to troubleshooting these problems:
3. Add exclusions for the specified rule (for false positives)
3. Submit support logs
## Confirm pre-requisites
Attack surface reduction (ASR) will only work on devices with the following conditions:
Attack surface reduction rules will only work on devices with the following conditions:
>[!div class="checklist"]
> - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update).
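Review bot: the step list visible in this hunk's context numbers two items "3" ("3. Add exclusions for the specified rule (for false positives)" followed by "3. Submit support logs") while the intro line says "There are four steps to troubleshooting these problems"; since the commit already touches this hunk, renumbering the last item to "4. Submit support logs" would make the list match its introduction.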
@ -50,47 +42,44 @@ Attack surface reduction (ASR) will only work on devices with the following cond
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules).
If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode.
## Use audit mode to test the rule
There are two ways that you can test if the rule is working.
You can use a pre-configured demo tool to confirm ASR is generally working on the device, or you can use audit mode, which enables the rule for reporting only.
You can use a pre-configured demo tool to confirm attack surface reduction rules are generally working on the device, or you can use audit mode, which enables rules for reporting only.
The demo tool uses pre-configured scenarios and processes, which can be useful to first see if the ASR feature as a whole is operating correctly.
The demo tool uses pre-configured scenarios and processes, which can be useful to first see if the attack surface reduction rule feature as a whole is operating correctly.
If you encounter problems when running the demo tool, check that the device you are testing the tool on meets the [pre-requisites listed above](#confirm-pre-requisites).
You should follow the instructions in the section [Use the demo tool to see how ASR works](evaluate-attack-surface-reduction.md#use-the-demo-tool-to-see-how-attack-surface-reduction-works) to test the specific rule you are encountering problems with.
You should follow the instructions in the section [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md#use-the-demo-tool-to-see-how-attack-surface-reduction-works) to test the specific rule you are encountering problems with.
>[!TIP]
>While the instructions for using the demo tool are intended for evaluating or seeing how ASR works, you can use it to test that the rule works on known scenarios that we have already extensively tested before we released the feature.
>While the instructions for using the demo tool are intended for evaluating or seeing how attack surface reduction rules work, you can use it to test that the rule works on known scenarios that we have already extensively tested before we released the feature.
Audit mode allows the rule to report as if it actually blocked the file or process, but will still allow the file to run.
1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules).
1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules).
2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed).
3. [Review the ASR event logs](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.
3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.
>[!TIP]
>Audit mode will stop the rule from blocking the file or process.
>
>If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled.
>
>Audit mode may have been enabled for testing another feature in Windows Defender Exploit Guard, or by an automated PowerShell script, and may not have been disabled after the tests were completed.
>Audit mode may have been enabled for testing another feature, or by an automated PowerShell script, and may not have been disabled after the tests were completed.
If you've tested the rule with the demo tool and with audit mode, and attack surface reduction rules are working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation:
If you've tested the rule with the demo tool and with audit mode, and ASR is working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation:
1. If the ASR rule is blocking something that it should not block (also known as a false positive), you can [first add an ASR exclusion](#add-exclusions-for-a-false-positive).
2. If the ASR rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data).
1. If the attack surface reduction rule is blocking something that it should not block (also known as a false positive), you can [first add an attack surface reduction rule exclusion](#add-exclusions-for-a-false-positive).
2. If the attack surface reduction rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data).
## Add exclusions for a false positive
You can add exclusions to ASR to prevent ASR rules from evaluating the excluded files or folders.
You can add exclusions to prevent attack surface reduction rules from evaluating the excluded files or folders.
This is useful if you have enabled a rule, and it is blocking a file, process, or action that you believe it should not block. You can then collect data from an endpoint where the rule is not working correctly and send that information to us.
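Review bot: typo in the added line "3. [Review the attack surface reductio rule event logs]", where "reductio" should be "reduction"; because the linked section covers events for all rules, "attack surface reduction event logs" also reads more naturally than "attack surface reduction rule event logs". Two references are left inconsistent with the rename: the context line "Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable ASR topic]" still carries the "Enable ASR topic" link text that the added step "1. Enable audit mode for the specific rule you want to test" changes to "Enable attack surface reduction rules", and "the attack surface reduction rule feature as a whole" would be smoother as "the attack surface reduction feature as a whole". Separately, that same pre-requisite bullet tells the reader to clear audit mode by setting the rule to Disabled (value 0), which turns the rule off rather than returning it to the Enabled blocking state referred to later in the hunk; worth confirming that the intended value is the one for Enabled.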
@ -101,12 +90,11 @@ To add an exclusion, see the [Customize Attack surface reduction](customize-atta
>
>This means any files or folders that are excluded will be excluded from all ASR rules.
If you have followed all previous troubleshooting steps, and you still have a problem (in particular, if you have a false positive), you should proceed to the next step to collect diagnostic information and send it to us.
## Collect diagnostic data
You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with ASR.
You can use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a problem with attack surface reduction rules.
When you fill out the submission form, you will be asked to specify whether it is a false negative or false positive. If you have an E5 subscription for Windows Defender Advanced Threat Protection, you can also [provide a link to the associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) (if there is one).
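Review bot: the context line ">This means any files or folders that are excluded will be excluded from all ASR rules." still uses the "ASR" shorthand this commit replaces elsewhere, and the hunk header shows the link text "Customize Attack surface reduction" with the capital A the commit is lowercasing in the title and headings; both sit inside this hunk's range and should be updated in the same change for consistency.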
@ -115,14 +103,8 @@ You must also attach associated files in a .zip file (such as the file or execut
Follow the link below for instructions on how to collect the .cab file:
> [!div class="nextstepaction"]
> [Collect and submit diagnostic data Windows Defender Exploit Guard issues](collect-cab-files-exploit-guard-submission.md)
> [Collect and submit diagnostic data](collect-cab-files-exploit-guard-submission.md)
## Related topics
- [Windows Defender Exploit Guard](windows-defender-exploit-guard.md)
- [Attack surface reduction](attack-surface-reduction-exploit-guard.md)
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md)
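Review bot: the Related topics list keeps "[Windows Defender Exploit Guard](windows-defender-exploit-guard.md)" while the rest of this commit drops the Exploit Guard wording from the next-step link ("Collect and submit diagnostic data") and from the audit-mode tip; if the intent is to move away from that branding, the list entry should follow, and if not, the shortened link text should keep some indication of which product the diagnostic-data instructions apply to.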