From 76bf8214700ecefd1b6a39a98f16014ab2b920fb Mon Sep 17 00:00:00 2001
From: Justin Hall <justinha@microsoft.com>
Date: Tue, 7 May 2019 15:55:04 -0700
Subject: [PATCH] edits

---
 .../attack-surface-reduction-exploit-guard.md                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 8ea88cdbf2..3392402f08 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -270,7 +270,7 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
 
 ### Block persistence through WMI event subscription
 
-Fileless threats employ various tactics to stay hidden, to avoid being seen as a regular file in the file system. To gain periodic execution control, some threats could abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. 
+Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. 
 
 Intune name: Block persistence through WMI event subscription