lint/cleaned evaluate exploit protection

windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md

@@ -20,9 +20,9 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-[Exploit protection](exploit-protection-exploit-guard.md) helps protect devices from malware that uses exploits to spread and infect other devices. 
+[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices.
 It consists of a number of mitigations that can be applied to either the operating system or an individual app.
 Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection.
 
@@ -31,8 +31,8 @@ You can enable audit mode for certain app-level mitigations to see how they will
 This lets you see a record of what *would* have happened if you had enabled the mitigation in production.
 You can make sure it doesn't affect your line-of-business apps, and see which suspicious or malicious events occur.
 
->[!TIP]
->You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
+> [!TIP]
+> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
 
 ## Enable exploit protection in audit mode
 
@@ -48,8 +48,8 @@ You can set mitigations in audit mode for specific programs either by using the
 
     1. If the app you want to configure is already listed, click it and then click **Edit**
     2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
-        - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
-        - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
+        * Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+        * Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
 
 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
 
@@ -61,29 +61,28 @@ To set app-level mitigations to audit mode, use `Set-ProcessMitigation` with the
 
 Configure each mitigation in the following format:
 
-
 ```PowerShell
 Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
 ```
 
 Where:
 
-- \<Scope>:
-    - `-Name` to indicate the mitigations should be applied to a specific app. Specify the app's executable after this flag.
-- \<Action>:
-    - `-Enable` to enable the mitigation
-    - `-Disable` to disable the mitigation
-- \<Mitigation>:
-    - The mitigation's cmdlet as defined in the following table. Each mitigation is separated with a comma.
+* \<Scope>:
+  * `-Name` to indicate the mitigations should be applied to a specific app. Specify the app's executable after this flag.
+* \<Action>:
+  * `-Enable` to enable the mitigation
+    * `-Disable` to disable the mitigation
+* \<Mitigation>:
+  * The mitigation's cmdlet as defined in the following table. Each mitigation is separated with a comma.
 
-| Mitigation | Audit mode cmdlet |
-| - | - |
-|Arbitrary code guard (ACG) |  AuditDynamicCode |
-|Block low integrity images |  AuditImageLoad   |
-|Block untrusted fonts | AuditFont,   FontAuditOnly |
-|Code integrity guard |   AuditMicrosoftSigned,   AuditStoreSigned |
-|Disable Win32k system calls  |   AuditSystemCall |
-|Do not allow child processes |   AuditChildProcess |
+ Mitigation | Audit mode cmdlet
+-|-
+ Arbitrary code guard (ACG) | AuditDynamicCode
+ Block low integrity images | AuditImageLoad
+ Block untrusted fonts | AuditFont, FontAuditOnly
+ Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned
+ Disable Win32k system calls | AuditSystemCall
+ Do not allow child processes | AuditChildProcess
 
 For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command:
 
@@ -98,21 +97,21 @@ You can disable audit mode by replacing `-Enable` with `-Disable`.
 To review which apps would have been blocked, open Event Viewer and filter for the following events in the Security-Mitigations log.
 
 Feature | Provider/source | Event ID | Description
-:-|:-|:-:|:-
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
-Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
+-|-|-|-
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
+ Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
 
 ## Related topics
-- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
-- [Enable exploit protection](enable-exploit-protection.md)
-- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
-- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
-- [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md)
-- [Enable network protection](enable-network-protection.md)
-- [Enable controlled folder access](enable-controlled-folders-exploit-guard.md)
-- [Enable attack surface reduction](enable-attack-surface-reduction.md)
 
+* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
+* [Enable exploit protection](enable-exploit-protection.md)
+* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+* [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md)
+* [Enable network protection](enable-network-protection.md)
+* [Enable controlled folder access](enable-controlled-folders.md)
+* [Enable attack surface reduction](enable-attack-surface-reduction.md)