Merge branch 'master' into sccm-windows-sec

Justin Hall
2019-04-29 10:38:03 -07:00
committed by GitHub
38 changed files with 279 additions and 172 deletions

@ -27,7 +27,9 @@ You might want to do this when testing how the features will work in your organi
While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.
You can use Windows Defender Advanced Threat Protection to get greater deatils for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
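Review bot: the added sentence "To find the audited entries, go to **Applications and Services** > ..." does not name the tool to open, and the Event Viewer node is labeled "Applications and Services Logs". Suggest wording it as "To find the audited entries, open Event Viewer and go to **Applications and Services Logs** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**." so it matches what the reader sees in the console tree and ties in with the "Windows Event Viewer" mention in the following sentence.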

@ -9,8 +9,8 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
author: Justinha
ms.author: justinha
ms.date: 04/02/2019
---
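Review bot: in the metadata block, `ms.date` stays at 04/02/2019 while `author` and `ms.author` are reassigned; if the topic body is also revised in this change, bump the date so the published page reflects it. The new values are also cased differently (`author: Justinha` versus `ms.author: justinha`); use one casing for both so the handles are easy to search and compare.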

@ -72,11 +72,11 @@ If you've tested the feature with the demo site and with audit mode, and network
When you report a problem with network protection, you are asked to collect and submit diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues.
1. Open an elevated command prompt and change to the Windows Defender directory:
```console
```
cd c:\program files\windows defender
```
2. Run this command to generate the diagnostic logs:
```console
```
mpcmdrun -getfiles
```
3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
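Review bot: the opening fences in steps 1 and 2 lose their `console` language tag, which leaves the two command blocks untagged; keep the tag (or apply one tag consistently) so both render as commands. Step 3 also says "they are saved" to a single `MpSupportFiles.cab`; "the logs are saved to" would make the antecedent clear.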