From aff98e1c38048eb5916da00fa6dc3497c6248d7e Mon Sep 17 00:00:00 2001
From: martyav <v-maave@microsoft.com>
Date: Tue, 24 Mar 2020 11:19:30 -0400
Subject: [PATCH] updated problematic parentheses-bearing bookmark

---
 .../microsoft-defender-atp/attack-surface-reduction-faq.md    | 2 +-
 .../microsoft-defender-atp/attack-surface-reduction.md        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
index 8f13e78322..9f14575d2d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
@@ -53,7 +53,7 @@ ASR currently supports all of the rules below:
 * [Block execution of potentially obfuscated scripts](attack-surface-reduction.md#block-execution-of-potentially-obfuscated-scripts)
 * [Block Win32 API calls from Office macro](attack-surface-reduction.md#block-win32-api-calls-from-office-macros)
 * [Use advanced protection against ransomware](attack-surface-reduction.md#use-advanced-protection-against-ransomware)<!-- Note: Because the following link contains characters the validator is not expecting, it throws a warning that the bookmark does not exist. This is a false positive; the link correctly targets the heading, Block credential stealing from the Windows local security authority subsystem (lsass.exe), when selected -->
-* [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](attack-surface-reduction.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem-(lsass.exe))
+* [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](attack-surface-reduction.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem)
 * [Block process creations originating from PSExec and WMI commands](attack-surface-reduction.md#block-process-creations-originating-from-psexec-and-wmi-commands)
 * [Block untrusted and unsigned processes that run from USB](attack-surface-reduction.md#block-untrusted-and-unsigned-processes-that-run-from-usb)
 * [Block executable files from running unless they meet a prevalence, age, or trusted list criteria](attack-surface-reduction.md#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 805b9f7639..828455927c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -100,7 +100,7 @@ The following sections describe each of the 15 attack surface reduction rules. T
 [Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B | Supported
 [Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | 01443614-cd74-433a-b99e-2ecdc07bfc25 | Supported
 [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | c1db55ab-c21a-4637-bb3f-a12568109d35 | Supported
-<!-- Note: Because the following link contains characters the validator is not expecting, it throws a warning that the bookmark does not exist. This is a false positive; the link correctly targets the heading, Block credential stealing from the Windows local security authority subsystem (lsass.exe), when selected -->[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem-(lsass.exe)) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | Supported
+[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | Supported
 [Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | d1e49aac-8f56-4280-b9ba-993a6d77406c | Not supported
 [Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | Supported
 [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | 26190899-1602-49e8-8b27-eb1d0a1ce869 | Supported
@@ -252,7 +252,7 @@ Configuration Manager name: Use advanced protection against ransomware
 
 GUID: c1db55ab-c21a-4637-bb3f-a12568109d35
 
-### Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+### Block credential stealing from the Windows local security authority subsystem
 
 This rule helps prevent credential stealing, by locking down Local Security Authority Subsystem Service (LSASS).