You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/troubleshoot-asr.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -112,7 +112,7 @@ If you tested the rule with the demo tool and with audit mode, and attack surfac
112
112
113
113
### Querying blocking and auditing events
114
114
115
-
attack surface reduction rule events can be viewed within the Windows Defender log.
115
+
Attack surface reduction rule events can be viewed within the Windows Defender log.
116
116
117
117
To access it, open Windows Event Viewer, and browse to **Applications and Services Logs**\>**Microsoft**\>**Windows**\>**Windows Defender**\>**Operational**.
118
118
@@ -126,13 +126,13 @@ To add an exclusion, see [Customize attack surface reduction](attack-surface-red
126
126
127
127
> [!IMPORTANT]
128
128
> You can specify individual files and folders to be excluded, but you can't specify individual rules.
129
-
> This means any files or folders that are excluded are excluded from all ASR rules.
129
+
> This means any files or folders that are excluded from all ASR rules.
130
130
131
131
## Report a false positive or false negative
132
132
133
133
Use the [Microsoft Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/support/report-exploit-guard) to report a false negative or false positive for network protection. With a Windows E5 subscription, you can also [provide a link to any associated alert](alerts-queue.md).
134
134
135
-
## Collect Microsoft Defender Antimalware Protection diagnostic data for file submissions
135
+
## Collect Microsoft Defender Anti-malware Protection diagnostic data for file submissions
136
136
137
137
When you report a problem with attack surface reduction rules, you're asked to collect and submit diagnostic data for Microsoft support and engineering teams to help troubleshoot issues.
138
138
@@ -155,7 +155,7 @@ You can also view rule events through the Microsoft Defender Antivirus dedicated
155
155
156
156
You can find this utility in *%ProgramFiles%\Windows Defender\MpCmdRun.exe*. You must run it from an elevated command prompt (that is, run as Admin).
157
157
158
-
To generate the support information, type *MpCmdRun.exe -getfiles*. After a while, several logs will be packaged into an archive (MpSupportFiles.cab) and made available in *C:\ProgramData\Microsoft\Windows Defender\Support*.
158
+
To generate the support information, type `MpCmdRun.exe -getfiles`. After a while, several logs will be packaged into an archive (MpSupportFiles.cab) and made available at `C:\ProgramData\Microsoft\Windows Defender\Support`.
0 commit comments