diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md
index db62a206fb..92c2dfc96e 100644
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@@ -153,7 +153,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 
diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md
index 56cece92c2..5cbbfcd3d1 100644
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@@ -145,20 +145,16 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. 
+The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
 
-| Source process | Protocol | Destination |
-|----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
-
-The following endpoints are used to download certificates that are publicly known to be fraudulent.
+Additionally, it is used to download certificates that are publicly known to be fraudulent.
 These settings are critical for both Windows security and the overall security of the Internet. 
 We do not recommend blocking this endpoint.
 If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index f1805362f1..dd3a50a2fe 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -155,20 +155,16 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. 
+The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
 
-| Source process | Protocol | Destination |
-|----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
-
-The following endpoints are used to download certificates that are publicly known to be fraudulent.
+Additionally, it is used to download certificates that are publicly known to be fraudulent.
 These settings are critical for both Windows security and the overall security of the Internet. 
 We do not recommend blocking this endpoint.
 If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index 675f449f0b..8e84a3872c 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -34,13 +34,13 @@ You can manually add the rules by using the GUIDs in the following table:
 
 Rule description | GUID
 -|-
-Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
-Block all Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
-Block Office applications from creating executable content  | 3B576869-A4EC-4529-8536-B80A7769E899
-Block Office applications from injecting code into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
-Block JavaScript or VBScript from launching downloaded executable content | D3E037E1-3EB8-44C8-A917-57927947596D
-Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
-Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+Block executable content from email client and webmail | be9ba2d9-53ea-4cdc-84e5-9B1eeee46550
+Block all Office applications from creating child processes | d4f940ab-401b-4efc-aadc-ad5f3c50688a
+Block Office applications from creating executable content  | 3b576869-a4eC-4529-8536-b80a7769e899
+Block Office applications from injecting code into other processes | 75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84
+Block JavaScript or VBScript from launching downloaded executable content | d3e037e1-3eb8-44c8-a917-57927947596d
+Block execution of potentially obfuscated scripts  | 5beb7efe-fd9A-4556-801d-275e5ffc04cc
+Block Win32 API calls from Office macro | 92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b
 Block executable files from running unless they meet a prevalence, age, or trusted list criteria | 01443614-cd74-433a-b99e-2ecdc07bfc25
 Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d35
 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2