Merge pull request #3286 from lindspea/patch-7

Update audit-windows-defender-exploit-guard.md
2025-05-14 06:17:22 +00:00 · 2019-04-24 15:09:02 -07:00 · 2019-04-24 15:09:02 -07:00 · a022e8ea34
commit a022e8ea34
parent 3153904fef f8f32b28ec
1 changed files with 3 additions and 1 deletions
--- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
@ -27,7 +27,9 @@ You might want to do this when testing how the features will work in your organi

 While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.

-You can use Windows Defender Advanced Threat Protection to get greater deatils for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
+
+You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).

 This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.