removed images

windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md

@@ -62,26 +62,22 @@ For further details on how audit mode works and when to use it, see [Audit Windo
 
 ### Intune
 
-1. In Intune, select *Device configuration* > *Profiles*. Choose an existing endpoint protection profile or create a new one. To create a new one, select *Create profile* and enter information for this profile. For *Profile type*, select *Endpoint protection*. If you've chosen an existing profile, select *Properties* and then select *Settings*.
+1. In Intune, select **Device configuration** > **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**.
 
-2. In the *Endpoint protection* pane, select *Windows Defender Exploit Guard*, then select *Attack Surface Reduction*. Select the desired setting for each ASR rule.
+2. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each ASR rule.
 
-3. Under *Attack Surface Reduction exceptions*, you can enter individual files and folders, or you can select *Import* to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be in the following format:
+3. Under **Attack Surface Reduction exceptions**, you can enter individual files and folders, or you can select **Import** to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be in the following format:
-	
 	
+   *C:\folder*, *%ProgramFiles%\folder\file*, *path*	
 
-4. Select *OK* on the three configuration panes and then select *Create* if you're creating a new endpoint protection file or *Save* if you're editing an existing one.
+4. Select **OK** on the three configuration panes and then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one.
 
 ### SCCM
 
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-   ![Windows Defender Exploit Guard](images/wdeg.png)
 1. Click **Home** > **Create Exploit Guard Policy**.
-   ![Create Exploit Guard Policy](images/create-exploit-guard-policy.md)
 1. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**.
-   ![ASR rules](images/sccm-asr-rules.png)
 1. Choose which rules will block or audit actions and click **Next**.
-   ![ASR blocks](images/sccm-asr-blocks.png)
 1. Review the settings and click **Next** to create the policy.
 1. After the policy is created, click **Close**. 
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -20,7 +20,7 @@ ms.date: 04/22/2019
 
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-[Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
+[Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019.
 
 You can enable controlled folder access by using any of the these methods:
 
@@ -31,13 +31,12 @@ You can enable controlled folder access by using any of the these methods:
 - [Group Policy](#group-policy)
 - [PowerShell](#powershell)
 
- Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
+[Audit mode](#evaluate-controlled-folder-access.md) allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
 
 >[!NOTE]
 >The Controlled folder access feature will display the state in the Windows Security app under **Virus & threat protection settings**.
 >If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device.
 >If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**.
->See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works.
 ><p>
 >Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include:
 >- Windows Defender Antivirus **Configure local administrator merge behavior for lists**
@@ -71,13 +70,9 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
 ## SCCM
 
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-   ![Windows Defender Exploit Guard](images/wdeg.png)
 1. Click **Home** > **Create Exploit Guard Policy**.
-   ![Create Exploit Guard Policy](images/create-exploit-guard-policy.md)
 1. Enter a name and a description, click **Controlled folder access**, and click **Next**.
-   ![CFA](images/sccm-cfa.png)
 1. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
-   ![CFA block](images/sccm-cfa-block.png)
 1. Review the settings and click **Next** to create the policy.
 1. After the policy is created, click **Close**. 
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md

@@ -128,13 +128,9 @@ Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
 ## SCCM
 
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-   ![Windows Defender Exploit Guard](images/wdeg.png)
 1. Click **Home** > **Create Exploit Guard Policy**.
-   ![Create Exploit Guard Policy](images/create-exploit-guard-policy.md)
 1. Enter a name and a description, click **Exploit protection**, and click **Next**.
-   ![EP](images/sccm-ep.png)
 1. Browse to the location of the exploit protection XML file and click **Next**.
-   ![ASR blocks](images/sccm-ep-xml.png)
 1. Review the settings and click **Next** to create the policy.
 1. After the policy is created, click **Close**. 
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md

@@ -48,13 +48,9 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://d
 ## SCCM
 
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-   ![Windows Defender Exploit Guard](images/wdeg.png)
 1. Click **Home** > **Create Exploit Guard Policy**.
-   ![Create Exploit Guard Policy](images/create-exploit-guard-policy.md)
 1. Enter a name and a description, click **Network protection**, and click **Next**.
-   ![ASR rules](images/sccm-np.png)
 1. Choose whether to block or audit access to suspicious domains and click **Next**.
-   ![ASR blocks](images/sccm-np-block.png)
 1. Review the settings and click **Next** to create the policy.
 1. After the policy is created, click **Close**.