From d579eaa2aee94c6219cd8bdf992d2921a5dc467f Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Wed, 6 Feb 2019 14:16:30 -0800 Subject: [PATCH] More voice and tone edits. --- .../attack-surface-reduction-exploit-guard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 2f93a09df1..cc148ac3ab 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -28,16 +28,16 @@ Attack surface reduction rules work best with [Windows Defender Advanced Threat Attack surface reduction rules each target specific behaviors that malware and malicious apps typically use to infect computers, including: - Executable files and scripts used in Office apps or web mail that attempt to download or run files -- Scripts that are obfuscated or otherwise suspicious -- Behaviors that apps undertake that are not usually initiated during normal day-to-day work +- Obfuscated or otherwise suspicious scripts +- Behaviors that apps don't usually initiate during normal day-to-day work -When a rule triggers, the Action Center displays a notification. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. +Triggered rules display a notification. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. -You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. +You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization once enabled. ## Attack surface reduction rules -The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table: +The following sections describe each attack surface reduction rule. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy: Rule name | GUID -|- @@ -56,7 +56,7 @@ Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9 Block Office communication application from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c -The rules apply to the following Office apps: +In general, attack surface reduction rules apply to the following Office apps: - Microsoft Word - Microsoft Excel