From bc31d085f99226cf97226f3a156e7786f9f4d19b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 29 Nov 2018 15:26:05 -0800 Subject: [PATCH] edits --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index e08797f196..156ebf59ba 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -69,7 +69,7 @@ However, we recommend enabling real-time protection for improved scanning perfor End-users might plug in removable devices that are infected with malware. In order to prevent infections, a company can block files from usb devices which are not signed or are untrusted. Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the USB activity of untrusted and unsigned processes that execute on a USB device. -This can be done by using the **Block untrusted and unsigned processes that run from USB** rule. +This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files.