From 7129ef7e3ddb11b05dcaebab3adf0f85b92ffe9f Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Mon, 30 Apr 2018 08:08:14 -0700 Subject: [PATCH] Add a note about new asr --- .../attack-surface-reduction-exploit-guard.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 84481ec609..ad413e8016 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -65,6 +65,14 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua ## Attack surface reduction rules +Windows 10, version 1803 has five new Attack surface reduction rules: + +- Block executable files from running unless they meet a prevalence, age, or trusted list criteria +- Use advanced protection against ransomware +- Block credential stealing from the Windows local security authority subsystem (lsass.exe) +- Block process creations originating from PSExec and WMI commands +- Block untrusted and unsigned processes that run from USB + The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table: Rule name | GUID
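Review bot: the five rules added under "## Attack surface reduction rules" are listed by name only, but the unchanged sentence right after them says each rule is identified by a rule GUID in the following table, and this patch (8 insertions, all in this one hunk) adds no rows to that table. Add the "Rule name | GUID" rows for the five new rules in the same change, so that a reader can enable them or evaluate them in audit mode without having to look the identifiers up elsewhere. Two wording points in the added lines: "five new Attack surface reduction rules" should be lowercase "attack surface reduction rules" mid-sentence, and "unless they meet a prevalence, age, or trusted list criteria" mixes the singular article with a plural noun, so use "criterion" or drop the "a". It would also help to say in the new sentence whether these rules are available only on version 1803 and later, since the rest of the section does not state a version.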