diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index 20dfb9bbb5..75d9674bee 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -34,6 +34,8 @@ You can exclude files and folders from being evaluated by most attack surface re
 >- Block process creations originating from PSExec and WMI commands
 >- Block JavaScript or VBScript from launching downloaded executable content
 
+You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to.
+
 >[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** is owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly.
 >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.