Commit 3c24b18

Improved Acrolinx score
1 parent a71a31b commit 3c24b18

6 files changed, +40 -41 lines changed

defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md

Lines changed: 12 additions & 12 deletions
@@ -32,7 +32,7 @@ search.appverid: met150
3232
This article describes an antivirus/antimalware feature known as "block at first sight", and describes how to enable block at first sight for your organization.
3333

3434
> [!TIP]
35-
> This article is intended for enterprise admins and IT Pros who manage security settings for organizations. If you are not an enterprise admin or IT Pro but you have questions about block at first sight, see the [Not an enterprise admin or IT Pro?](#not-an-enterprise-admin-or-it-pro) section.
35+
> This article is intended for enterprise admins and IT Pros who manage security settings for organizations. If you aren't an enterprise admin or IT Pro but you have questions about block at first sight, see the [Not an enterprise admin or IT Pro?](#not-an-enterprise-admin-or-it-pro) section.
3636
3737
## What is "block at first sight"?
3838

@@ -57,9 +57,9 @@ Microsoft Defender Antivirus uses multiple detection and prevention technologies
5757
5858
## A few things to know about block at first sight
5959

60-
- Block at first sight can block non-portable executable files (such as JS, VBS, or macros) and executable files, running the [latest Defender antimalware platform](microsoft-defender-antivirus-updates.md) on Windows or Windows Server.
60+
- Block at first sight can block nonportable executable files (such as JS, VBS, or macros) and executable files, running the [latest Defender antimalware platform](microsoft-defender-antivirus-updates.md) on Windows or Windows Server.
6161

62-
- Block at first sight only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the `.exe` file is checked via the cloud backend to determine if the file is a previously undetected file.
62+
- Block at first sight only uses the cloud protection backend for executable files and nonportable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the `.exe` file is checked via the cloud backend to determine if the file is a previously undetected file.
6363

6464
- If the cloud backend is unable to make a determination, Microsoft Defender Antivirus locks the file and uploads a copy to the cloud. The cloud performs more analysis to reach a determination before it either allows the file to run or blocks it in all future encounters, depending on whether it determines the file to be malicious or not a threat.
6565
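
Review bot: Dropping the hyphen in "nonportable executable files" (new lines 60 and 62) makes the term read as "executables that aren't portable" rather than "files that aren't in Portable Executable (PE) format", which is what the JS, VBS, and macro examples indicate. Suggest "non-PE files (such as JS, VBS, or macros)" or keeping "non-portable executable" even if the style checker flags it. Line 62 also says a hash of "the `.exe` file" is checked, which doesn't cover the non-PE files named earlier in the same bullet; "the file" would be consistent.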

@@ -98,7 +98,7 @@ Microsoft Defender Antivirus uses multiple detection and prevention technologies
9898
3. In the MAPS section, double-click **Configure the 'Block at First Sight' feature**, and set it to **Enabled**, and then select **OK**.
9999

100100
> [!IMPORTANT]
101-
> Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function.
101+
> Setting to **Always prompt (0)** lowers the protection state of the device. Setting to **Never send (2)** means block at first sight won't function.
102102
103103
4. In the MAPS section, double-click **Send file samples when further analysis is required**, and set it to **Enabled**. Under **Send file samples when further analysis is required**, select **Send all samples**, and then select **OK**.
104104
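
Review bot: The reworded note on line 101 still opens with "Setting to" without naming the setting it refers to. It follows step 3, where the only value shown is **Enabled**, so the values it lists, **Always prompt (0)** and **Never send (2)**, don't match anything the reader has just configured. Suggest naming the policy explicitly in the note and placing it directly after the step it applies to, because one of those values means block at first sight won't function.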

@@ -118,13 +118,13 @@ You can confirm that block at first sight is enabled on individual client device
118118

119119
> [!NOTE]
120120
>
121-
> - If the prerequisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints.
122-
> - Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
121+
> - If the prerequisite settings are configured and deployed using Group Policy, the settings described in this section are greyed-out and unavailable for use on individual endpoints.
122+
> - Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting gets updated in Windows Settings.
123123
124124
## Turn off block at first sight
125125

126126
> [!CAUTION]
127-
> Turning off block at first sight will lower the protection state of your device(s) and your network. We do not recommend disabling block at first sight protection permanently.
127+
> Turning off block at first sight lowers the protection state of your devices and your network. We don't recommend disabling block at first sight protection permanently.
128128
129129
### Turn off block at first sight with Microsoft Intune
130130
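
Review bot: On new line 122 the tense fix introduces "before the setting gets updated", which is more informal than the rest of the note; "before the setting is updated in Windows Settings" reads better. On line 121, "greyed-out" follows a verb and doesn't need the hyphen ("are greyed out").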

@@ -144,22 +144,22 @@ You can confirm that block at first sight is enabled on individual client device
144144

145145
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure, and then select **Edit**.
146146

147-
2. Using the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
147+
2. Using the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
148148

149149
3. Expand the tree through **Windows components** \> **Microsoft Defender Antivirus** \> **MAPS**.
150150

151151
4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**.
152152

153153
> [!NOTE]
154-
> Disabling block at first sight does not disable or alter the prerequisite group policies.
154+
> Disabling block at first sight doesn't disable or alter the prerequisite group policies.
155155
156156
## Not an enterprise admin or IT Pro?
157157

158-
If you are not an enterprise admin or an IT Pro, but you have questions about block at first sight, this section is for you. Block at first sight is a threat protection feature that detects and blocks malware within seconds. Although there isn't a specific setting called "Block at first sight," the feature is enabled when certain settings are configured on your device.
158+
If you aren't an enterprise admin or an IT Pro, but you have questions about block at first sight, this section is for you. Block at first sight is a threat protection feature that detects and blocks malware within seconds. Although there isn't a specific setting called "Block at first sight," the feature is enabled when certain settings are configured on your device.
159159

160160
### How to manage block at first sight on or off on your own device
161161

162-
If you have a personal device that is not managed by an organization, you might be wondering how to turn block at first sight on or off. You can use the Windows Security app to manage block at first sight.
162+
If you have a personal device that isn't managed by an organization, you might be wondering how to turn block at first sight on or off. You can use the Windows Security app to manage block at first sight.
163163

164164
1. On your Windows 10 or Windows 11 computer, open the Windows Security app.
165165
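
Review bot: The heading on line 160, "How to manage block at first sight on or off on your own device", is left untouched although it doesn't parse ("manage ... on or off"). The paragraph edited on line 162 already uses "turn block at first sight on or off", so suggest "How to turn block at first sight on or off on your own device". If the heading is renamed, check for links to its anchor.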

@@ -174,7 +174,7 @@ If you have a personal device that is not managed by an organization, you might
174174
- To disable block at first sight, turn off **Cloud-delivered protection** or **Automatic sample submission**.
175175

176176
> [!CAUTION]
177-
> Turning off block at first sight lowers the level of protection for your device. We do not recommend permanently disabling block at first sight.
177+
> Turning off block at first sight lowers the level of protection for your device. We don't recommend permanently disabling block at first sight.
178178
179179
## See also
180180

defender-endpoint/configure-notifications-microsoft-defender-antivirus.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -35,12 +35,12 @@ If you're part of your organization's security team, you can configure how notif
3535

3636
## Configure antivirus notifications using Group Policy or the Windows Security app
3737

38-
You can configure the display of additional notifications, such as recent threat detection summaries, in the [Windows Security app](microsoft-defender-security-center-antivirus.md) and with Group Policy.
38+
You can configure the display of more notifications, such as recent threat detection summaries, in the [Windows Security app](microsoft-defender-security-center-antivirus.md) and with Group Policy.
3939

4040
> [!NOTE]
4141
> In Windows 10, version 1607 the feature was called **Enhanced notifications** and was configured under **Windows Settings** \> **Update & security** \> **Windows Defender**. In Group Policy settings for all versions of Windows 10 and Windows 11, the notification feature is called **Enhanced notifications**.
4242
43-
### Use Group Policy to disable additional notifications
43+
### Use Group Policy to disable other notifications
4444

4545
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
4646
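
Review bot: Replacing "additional" with "more" on line 38 and with "other" in the heading on line 43 gives two different words for one feature, and neither matches the name the NOTE on line 41 gives it, **Enhanced notifications**. Renaming the heading also changes its anchor, so any inbound link to the old heading breaks. Suggest leaving the heading text stable and using "enhanced notifications" in the body.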

@@ -52,10 +52,10 @@ You can configure the display of additional notifications, such as recent threat
5252

5353
5. Expand the tree to **Windows components** \> **Microsoft Defender Antivirus** > **Reporting**.
5454

55-
6. Double-click **Turn off enhanced notifications**, and set the option to **Enabled**. Then select **OK**. This will prevent additional notifications from appearing.
55+
6. Double-click **Turn off enhanced notifications**, and set the option to **Enabled**. Then select **OK**. This setting prevents more notifications from appearing.
5656

5757
> [!IMPORTANT]
58-
> Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
58+
> Disabling other notifications won't disable critical notifications, such as threat detection and remediation alerts.
5959
6060
### Use the Windows Security app to disable additional notifications
6161
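
Review bot: The heading on line 60, "Use the Windows Security app to disable additional notifications", is unchanged while its Group Policy counterpart was renamed to "other notifications", so the two sibling headings now disagree. On line 55, "This setting prevents more notifications from appearing" can be read as "no further notifications appear", which the IMPORTANT note on line 58 contradicts; suggest "This setting turns off enhanced notifications."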

@@ -65,20 +65,20 @@ You can configure the display of additional notifications, such as recent threat
6565

6666
3. Scroll to the **Notifications** section and select **Change notification settings**.
6767

68-
4. Slide the switch to **Off** or **On** to disable or enable additional notifications.
68+
4. Slide the switch to **Off** or **On** to disable or enable other notifications.
6969

7070
> [!IMPORTANT]
71-
> Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
71+
> Disabling other notifications won't disable critical notifications, such as threat detection and remediation alerts.
7272
7373
## Configure standard notifications on endpoints using Group Policy
7474

7575
You can use Group Policy to:
7676

77-
- Display additional, customized text on endpoints when the user needs to perform an action
77+
- Display more, customized text on endpoints when the user needs to perform an action
7878
- Hide all notifications on endpoints
7979
- Hide reboot notifications on endpoints
8080

81-
Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Configuration Manager Endpoint Protection monitoring dashboard and reports](/configmgr/protect/deploy-use/monitor-endpoint-protection).
81+
Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. Hiding notifications will only occur on endpoints to which the policy is deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Configuration Manager Endpoint Protection monitoring dashboard and reports](/configmgr/protect/deploy-use/monitor-endpoint-protection).
8282

8383
To add custom contact information to endpoint notifications, see [Customize the Windows Security app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center).
8484
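
Review bot: "Display more, customized text" on line 77 no longer says what the old wording did: the point was extra text shown to the user, not a greater amount of it. Suggest "Display extra, customized text" or simply "Display customized text". On line 81 the paragraph still has "Hiding notifications will only occur" and "will still appear" after the tense pass; "Notifications are hidden only on endpoints to which the policy is deployed" would be consistent with the rest of the commit.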

@@ -94,7 +94,7 @@ To add custom contact information to endpoint notifications, see [Customize the
9494

9595
5. Double-click **Suppress all notifications** and set the option to **Enabled**.
9696

97-
6. Select **OK**. This will prevent additional notifications from appearing.
97+
6. Select **OK**. This setting prevents more notifications from appearing.
9898

9999
### Use Group Policy to hide reboot notifications
100100
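
Review bot: Line 97 describes the result as preventing "more notifications", which understates what step 5 enables: the setting is **Suppress all notifications**. Suggest "This setting prevents notifications from appearing."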

@@ -110,7 +110,7 @@ To add custom contact information to endpoint notifications, see [Customize the
110110

111111
5. Double-click **Suppresses reboot notifications** and set the option to **Enabled**.
112112

113-
5. Select **OK**. This will prevent additional notifications from appearing.
113+
5. Select **OK**. This setting prevents more notifications from appearing.
114114

115115
> [!TIP]
116116
> If you're looking for Antivirus related information for other platforms, see:
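
Review bot: The list still has two steps numbered 5 (lines 111 and 113); the edited line should be step 6. Its text also says the setting prevents "more notifications", but step 5 enables **Suppresses reboot notifications**, so "This setting prevents reboot notifications from appearing" would be accurate.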

defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ ms.date: 03/19/2024
3131
**Platforms**
3232
- Windows
3333

34-
You can exclude files that are opened by specific processes from Microsoft Defender Antivirus scans. Note that these types of exclusions are for files that are opened by processes and not the processes themselves. To exclude a process, add a file exclusion (see [Configure and validate exclusions based on file extension and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md)).
34+
You can exclude files that are opened by specific processes from Microsoft Defender Antivirus scans. These types of exclusions are for files that are opened by processes and not the processes themselves. To exclude a process, add a file exclusion (see [Configure and validate exclusions based on file extension and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md)).
3535

3636
See [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions) and review the information in [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md) before defining your exclusion lists.
3737

@@ -68,11 +68,11 @@ Two different types of process exclusions may be set. A process may be excluded
6868

6969
For example, given the process `MyProcess.exe` running from `C:\MyFolder\` the full path to this process would be `C:\MyFolder\MyProcess.exe` and the image name is `MyProcess.exe`.
7070

71-
Image name exclusions are much more broad - an exclusion on `MyProcess.exe` will exclude any processes with this image name, regardless of the path they are run from. So for example, if the process `MyProcess.exe` is excluded by image name, it will also be excluded if it is run from `C:\MyOtherFolder`, from removable media, et cetera. As such it is recommended that whenever possible, the full path is used.
71+
Image name exclusions are much more broad - an exclusion on `MyProcess.exe` excludes any processes with this image name, regardless of the path they're run from. So for example, if the process `MyProcess.exe` is excluded by image name, it will also be excluded if it is run from `C:\MyOtherFolder`, from removable media, et cetera. As such it's recommended that whenever possible, the full path is used.
7272

7373
### Use wildcards in the process exclusion list
7474

75-
The use of wildcards in the process exclusion list is different from their use in other exclusion lists. When the process exclusion is defined as an image name only, wildcard usage is not allowed. However when a full path is used, wildcards are supported and the wildcard behavior behaves as described in [File and Folder Exclusions](configure-extension-file-exclusions-microsoft-defender-antivirus.md)
75+
The use of wildcards in the process exclusion list is different from their use in other exclusion lists. When the process exclusion is defined as an image name only, wildcard usage isn't allowed. However when a full path is used, wildcards are supported and the wildcard behavior behaves as described in [File and Folder Exclusions](configure-extension-file-exclusions-microsoft-defender-antivirus.md)
7676

7777
The use of environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the process exclusion list is also supported. Details and a full list of supported environment variables are described in [File and Folder Exclusions](configure-extension-file-exclusions-microsoft-defender-antivirus.md).
7878
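
Review bot: Line 71 is only half converted: "excludes any processes" and "they're run from" are updated, but the next sentence keeps "it will also be excluded if it is run from". The closing recommendation is the security-relevant part, since an image-name exclusion follows the name to any folder or removable media, and "As such it's recommended that whenever possible, the full path is used" buries it; suggest "Use the full path whenever possible." On line 75, "However when" needs a comma, "the wildcard behavior behaves" is redundant, and the sentence has no closing period.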

@@ -88,7 +88,7 @@ The following table describes how the wildcards can be used in the process exclu
8888

8989
### Contextual Process Exclusions
9090

91-
Note that a process exclusion may also be defined via a [Contextual exclusion](configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md) allowing for example a specific file to be excluded only if it is opened by a specific process.
91+
A process exclusion may also be defined via a [Contextual exclusion](configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md) allowing, for example, a specific file to be excluded only if it's opened by a specific process.
9292

9393
## Configure the list of exclusions for files opened by specified processes
9494

@@ -134,7 +134,7 @@ The following are allowed as the \<cmdlet\>:
134134
|Remove items from the list|`Remove-MpPreference`|
135135

136136
> [!IMPORTANT]
137-
> If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
137+
> If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again overwrites the existing list.
138138
139139
For example, the following code snippet would cause Microsoft Defender Antivirus scans to exclude any file that is opened by the specified process:
140140
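
Review bot: The warning on line 137 states the consequence but not what to do instead. Since the note already names `Add-MpPreference`, suggest ending it with "To add items to an existing list, use `Add-MpPreference`." so that an admin doesn't silently replace exclusions that are already in place. "If you have created" can also be shortened to "If you created".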

@@ -166,7 +166,7 @@ You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Mic
166166

167167
If you use PowerShell, you can retrieve the list in two ways:
168168

169-
- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists are displayed on separate lines, but the items within each list are combined into the same line.
169+
- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists is displayed on separate lines, but the items within each list are combined into the same line.
170170
- Write the status of all preferences to a variable, and use that variable to only call the specific list you're interested in. Each use of `Add-MpPreference` is written to a new line.
171171

172172
### Validate the exclusion list by using MpCmdRun
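
Review bot: The agreement fix on line 169 leaves "Each of the lists is displayed on separate lines", which pairs a singular subject with plural "lines". Suggest "Each list is displayed on a separate line, but the items within each list are combined into the same line."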
