From f217aa03427eb85ab6861f397536010a637e3cbe Mon Sep 17 00:00:00 2001
From: Iaan D'Souza-Wiltshire <15990269+iaanw@users.noreply.github.com>
Date: Thu, 6 Dec 2018 17:06:59 -0800
Subject: [PATCH] Remove link to eval package

Removed link to eval package which has outdated tools.
---
 .../event-views-exploit-guard.md                              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
index f04964a7cd..fc9d4153fb 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@@ -33,13 +33,13 @@ You can also get detailed reporting into events and blocks as part of Windows Se
 
 You can create custom views in the Windows Event Viewer to only see events for specific capabilities and settings.
 
-The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page.
+The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page.
 
 You can also manually navigate to the event area that corresponds to the feature, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic for more details.
 
 ### Import an existing XML custom view
 
-1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropriate file to an easily accessible location. The following filenames are each of the custom views:
+1. Create an empty .txt file and copy the XML for the custom view you want to use into the .txt file. Do this for each of the custom views you want to use. Rename the files as follows (ensure you change the type from .txt to .xml):
     -  Controlled folder access events custom view: *cfa-events.xml*
     -  Exploit protection events custom view: *ep-events.xml*
     -  Attack surface reduction events custom view: *asr-events.xml*