Finalized draft edits

Author: joshgingras

defender-endpoint/validate-antimalware.md

@@ -31,41 +31,48 @@ Scenario requirements and setup
 
 - Windows 11, Windows 10, Windows 8.1, Windows 7 SP1
 
-- Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2008 R2
+- Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2
 
 - Linux
 
 - macOS
 
-- Microsoft Defender Real-time protection is enabled
+- Microsoft Defender real-time protection is enabled
 
 ## EICAR test file to simulate malware
 
-After you enable Microsoft Defender for Endpoint or Microsoft Defender for Business or Microsoft Defender Antivirus, you can test the service and run a proof of concept to familiarize yourself with its feature and validate the advanced security capabilities effectively protect your device by generating real security alerts.
+After you enable Microsoft Defender for Endpoint, Microsoft Defender for Business, or Microsoft Defender Antivirus, you can test the service and run a proof of concept to familiarize yourself with the features. You can also generate real security alerts and validate the advanced security capabilities effectively protect your device.
 
-Run an AV detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:
+Run an antivirus detection test to verify a device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:
 
 ### Windows
 
 1. Prepare for the EICAR test file:
 
-   1. Use an EICAR test file instead of real malware to avoid causing damage. Microsoft Defender Antivirus treats EICAR test files as malware.
+   - Use an EICAR test file instead of real malware to avoid causing damage
+
+   - Microsoft Defender Antivirus treats EICAR test files as malware
+   
+   - You will create the test file in the next step
 
 1. Create the EICAR test file:
 
-   1. Copy the following string: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`
+   a. Copy the following string: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`
 
-      1. Paste the string into a .TXT file and save it as EICAR.txt
+   b. Paste the string into a .TXT file and save it as EICAR.txt
+
+   c. Verify the test file is immediately quarantined by Defender
+
             
-### Linux/macOS
+### Linux and macOS
 
-1. Ensure that real-time protection is enabled. Run the following command and confirm the output is `"true"`:
+1. Verify that real-time protection is enabled. Run the following command and confirm the output is `"true"`:
 
     ```
     mdatp health --field real_time_protection_enabled
     ```
 
-2. Download the EICAR test file. Open a Terminal window and execute the appropriate command for your operating system:
+2. Run one of the following commands to download the EICAR test file:
 
    Linux:
    
@@ -79,9 +86,8 @@ Run an AV detection test to verify that the device is properly onboarded and rep
     curl -o ~/Downloads/eicar.com.txt https://secure.eicar.org/eicar.com.txt
     ```
 
-3. Verify that the file has been quarantined by Defender for Endpoint.** Run the following command to list all detected threats:
+3. Run the following command to list all detected threats and verify the test file has been quarantined by Defender for Endpoint:
 
     ```
     mdatp threat list
     ```
-