diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index f010f23e9d..a0a0720c4e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -127,7 +127,7 @@ Example: 3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. -4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section: +4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: @@ -176,11 +176,11 @@ Example: > Set-MpPreference -AttackSurfaceReductionRules_Ids ,,, -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode > ``` - You can also the `Add-MpPreference` PowerShell verb to add new rules to the existing list. + You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list. > [!WARNING] > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead. - > You can obtain a list of rules and their current state by using `Get-MpPreference` + > You can obtain a list of rules and their current state by using `Get-MpPreference`. 3. To exclude files and folders from ASR rules, use the following cmdlet: