final changes/tweaks to check meta before pub

This commit is contained in:
Iaan D'Souza-Wiltshire
2017-08-26 01:36:41 -07:00
parent 03ec999098
commit b003c3ccf6
21 changed files with 125 additions and 296 deletions


@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date:08/25/2017
ms.date: 08/25/2017
---
# Customize Exploit Protection
@ -128,11 +128,13 @@ Exporting the configuration as an XML file allows you to copy the configuration
4. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
![](images/wdsc-exp-prot-app-settings-options.png)
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml) or return to configure system-level mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
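Review bot: the image added in this hunk, `![](images/wdsc-exp-prot-app-settings-options.png)`, has an empty alt text; give it a description such as `![Exploit protection app-level mitigation settings](images/wdsc-exp-prot-app-settings-options.png)` so screen readers and the fallback text carry what the screenshot shows, consistent with the steps 4 and 5 it illustrates.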
@ -148,15 +150,15 @@ Exporting the configuration as an XML file allows you to copy the configuration
You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
```
```PowerShell
Get-ProcessMitigation -Name processName.exe
```
Use `Set` to configure each mitigation in the following format:
```PowerShell
Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
```
Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
```
Where:
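Review bot: the context line "add the `-Name` cmdlet and app exe" calls `-Name` a cmdlet; it is a parameter of `Get-ProcessMitigation`, and the opening sentence likewise treats `ProcessMitigation` as the cmdlet when the cmdlets are `Get-ProcessMitigation` and `Set-ProcessMitigation` (verb-noun). Suggest: "Use `Get-ProcessMitigation` to list the current configuration status of any mitigations enabled on the device; add the `-Name` parameter with the app executable to see mitigations for just that app." The fence fix in this hunk, replacing the bare ``` with ```PowerShell, is correct.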
@ -174,8 +176,8 @@ Where:
For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command:
```PowerShell
Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation
```
Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation
```
>[!IMPORTANT]
>Seperate each mitigation option with commas.
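Review bot: "Seperate" in the `[!IMPORTANT]` callout is misspelled; it should read `>Separate each mitigation option with commas.` The DEP example itself is fine: PowerShell accepts the spaces after the commas in `-Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation` and passes the three values as one array.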
@ -183,16 +185,16 @@ Where:
If you wanted to apply DEP at the system level, you'd use the following command:
```PowerShell
Set-Processmitigation -System -Enable DEP
```
Set-Processmitigation -System -Enable DEP
```
To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app.
If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example:
```PowerShell
Set-Processmitigation -Name test.exe -Remove -Disable DEP
```
Set-Processmitigation -Name test.exe -Remove -Disable DEP
```
You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below.
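Review bot: `Set-Processmitigation` in the `-System` and `-Remove` examples is cased differently from `Set-ProcessMitigation` used elsewhere in the file; PowerShell resolves it case-insensitively, but the docs should use the canonical name throughout. Two wording points in the context lines: "include the `-Remove` cmdlet" should say "parameter", and "use the **Audit mode** cmdlet" should say "option" or "value", since the audit entries in the table (for example `AuditDynamicCode`) are values passed to `-Enable`, not separate cmdlets.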
@ -200,8 +202,8 @@ Where:
For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used in the example above, you'd use the following command:
```PowerShell
Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
```
Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
```
You can disable audit mode by using the same command but replacing `-Enable` with `-Disable`.
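Review bot: both copies of the ACG audit example spell the cmdlet `Set-ProcesMitigation` (missing an `s`); as written the command is not recognized as a cmdlet and fails. It should be `Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode`, matching the spelling used in the DEP example above.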
@ -226,7 +228,7 @@ Block remote images | App-level only | BlockRemoteImages | Audit not availabl
Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
Disable extension points | App-level only | ExtensionPoint | Audit not available
Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="r1" id="t1">\[1\]</a> | Audit not available
Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available
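Review bot: the footnote anchor on the EAF row, `<a href="r1" id="t1">\[1\]</a>`, links to a relative path `r1` rather than an in-page fragment, so clicking it navigates away from the page; it should be `href="#r1"` (and the matching return link below the table `href="#t1"`). The Win32k system calls row change in this hunk looks whitespace-only and needs no action.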
@ -240,9 +242,14 @@ Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot
<a href="t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for dlls for a process:
```
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
```
```PowerShell
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
```
## Customize the notification
See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
## Related topics
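Review bot: the return link `<a href="t1" id="r1">\[1\]</a>` needs `href="#t1"` for the same reason as the table anchor above, otherwise the footnote and its reference do not link to each other. Tagging the `-EAFModules` example fence as `PowerShell` is the right fix; the footnote sentence itself reads awkwardly ("enable EAF modules for dlls for a process") and could be "Use the following format to enable EAF+ for specific DLL modules loaded by a process:".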