Update evaluate-exploit-protection.md

fixed metadata and links

Author: diannegali

defender-endpoint/evaluate-exploit-protection.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier2
 - mde-asr
 search.appverid: met150
-ms.date: 11/15/2024
+ms.date: 11/21/2024
 ---
 
 # Evaluate exploit protection
@@ -37,7 +37,7 @@ In audit, you can see how mitigation works for certain apps in a test environmen
 
 Exploit protection mitigations work at a low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they're configured to be protected by using exploit protection.  
 
-#### What kinds of Software shouldn't be protected by exploit protection?
+#### What kinds of software shouldn't be protected by exploit protection?
 
 - Anti-malware and intrusion prevention or detection software
 - Debuggers
@@ -55,15 +55,15 @@ Services
 - System services
 - Network services
 
-## Exploit Protection mitigations enabled by default
+## Exploit protection mitigations enabled by default
 
-| Mitigation | Enabled by default on |
+| Mitigation | Enabled by default |
 | -------- | -------- |
 | Data Execution Prevention (DEP) | 64-bit and 32-bit applications |
 | Validate exception chains (SEHOP) | 64-bit applications |
 | Validate heap integrity | 64-bit and 32-bit applications |
 
-## These "Program settings" mitigations are deprecated
+## Deprecated "Program settings" mitigations
 
 | “Program settings” mitigations | Reason |
 | -------- | -------- |
@@ -74,14 +74,16 @@ Services
 | Validate stack integrity (StackPivot) | Replaced with Arbitrary Code Guard (ACG) |
 
 ## Office application best practices
+
 Instead of using Exploit Protection for Office applications such as Outlook, Word, Excel, PowerPoint, and OneNote, consider using a more modern approach to prevent their misuse: Attack Surface Reduction rules (ASR rules):
-•	[Block executable content from email client and webmail ](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-executable-content-from-email-client-and-webmail)
-•	[Block Office applications from creating executable content](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-creating-executable-content)
-•	[Block all Office applications from creating child processes](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-all-office-applications-from-creating-child-processes)
-•	[Block Office communication application from creating child processes](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-office-communication-application-from-creating-child-processes)
-•	[Block Office applications from injecting code into other processes](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-injecting-code-into-other-processes)
-•	[Block execution of potentially obfuscated scripts](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-execution-of-potentially-obfuscated-scripts)
-•	[Block Win32 API calls from Office macros](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-win32-api-calls-from-office-macros)
+
+- [Block executable content from email client and webmail ](attack-surface-reduction-rules-reference.md#block-executable-content-from-email-client-and-webmail)
+- [Block Office applications from creating executable content](attack-surface-reduction-rules-reference.md#block-office-applications-from-creating-executable-content)
+- [Block all Office applications from creating child processes](attack-surface-reduction-rules-reference.md#block-all-office-applications-from-creating-child-processes)
+- [Block Office communication application from creating child processes](attack-surface-reduction-rules-reference.md#block-office-communication-application-from-creating-child-processes)
+- [Block Office applications from injecting code into other processes](attack-surface-reduction-rules-reference.md#block-office-applications-from-injecting-code-into-other-processes)
+- [Block execution of potentially obfuscated scripts](attack-surface-reduction-rules-reference.md#block-execution-of-potentially-obfuscated-scripts)
+- [Block Win32 API calls from Office macros](attack-surface-reduction-rules-reference.md#block-win32-api-calls-from-office-macros)
 
 The same for Adobe Reader, use ASR rules:
 •	[Block Adobe Reader from creating child processes](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction-rules-reference#block-adobe-reader-from-creating-child-processes)
@@ -114,7 +116,8 @@ The following table lists specific products that have compatibility issues with
 ǂ EMET mitigations might be incompatible with Oracle Java when they're run by using settings that reserve a large chunk of memory for the virtual machine (that is, by using the -Xms option).
 
 ## Enable exploit protection system settings for testing
-These Exploit Protection system settings are enabled by default in Windows 10 or later, or Windows Server 2019 or later, or Windows Server, version 1803 core edition or later.
+
+These Exploit Protection system settings are enabled by default on Windows 10 and later, Windows Server 2019 and later, and on Windows Server version 1803 core edition and later.
 
 | System settings | Setting |
 | -------- | -------- |
@@ -143,7 +146,7 @@ The xml sample is available below
 ## Enable exploit protection program settings for testing
 
 > [!TIP] 
-> We highly recommend to review the modern approach for vulnerability mitigations which is to use the [Attack Surface Reduction rules (ASR rules)](https://learn.microsoft.com/defender-endpoint/attack-surface-reduction) instead.
+> We highly recommend reviewing the modern approach for vulnerability mitigations, which is to use [Attack Surface Reduction rules (ASR rules)](attack-surface-reduction.md).
 
 You can set mitigations in a testing mode for specific programs by using the Windows Security app or Windows PowerShell.