Update troubleshoot-performance-issues.md

Author: denisebmsft

defender-endpoint/troubleshoot-performance-issues.md

@@ -42,7 +42,7 @@ First, you might want to check if other software is causing the issue. Read [Che
 | -------- | -------- |
 |1: **Binaries not signed** (`.exe`, `.dll`, `.ps1`, and so on) <br/>Anytime that a binary ( such as `.exe`, `.dll`, `.ps1`, and so on) is launched/started, if it's not digitally signed, Microsoft Defender Antivirus starts a real-time protection scan, scheduled scan, and/or on-demand scan. | You all should consider signing (Extended code validation (EV) code signing or using internal PKI) the binaries. And/or reaching out to the vendor so they could sign the binary (EV code signing). <br/><br/>We recommend that software vendors follow the various guidelines in [Partnering with the industry to minimize false positives](https://www.microsoft.com/en-us/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives/). The vendor or software developer can submit the application, service, or script in the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi/filesubmission?persona=SoftwareDeveloper). <br/><br/>As a work-around, you can follow these steps: <br/>1. (Preferred) For .exe's and dll's use [Indicators – File hash - allow](/defender-endpoint/indicator-file) or [Indicators – Certificate - allow](/defender-endpoint/indicator-certificates) <br/>2. (Alternative) Add [Antivirus exclusions (process+path)](/defender-endpoint/configure-exclusions-microsoft-defender-antivirus). |
 |2. **Using HTA's, CHM's and different files as databases**. <br/>Anytime that Microsoft Defender Antivirus must extract and/or scan complex file formats, higher CPU utilization can occur. | Consider switching to using actual databases if you need to save info and query it. <br/><br/>As a workaround, add [Antivirus exclusions (process+path)](/defender-endpoint/configure-exclusions-microsoft-defender-antivirus). |
-|3. **Using obfuscations on scripts**. <br/>If you obfuscate scripts, Microsoft Defender Antivirus in order to check if the script contains malicious payloads, it can use more cpu utilization while scanning. | Only use script obfuscation if really necessary.<br/><br/>As a workaround, add [Antivirus exclusions (process+path)](/defender-endpoint/configure-exclusions-microsoft-defender-antivirus). |
+|3. **Using obfuscations on scripts**. <br/>If you obfuscate scripts, Microsoft Defender Antivirus in order to check if the script contains malicious payloads, it can use more cpu utilization while scanning. | Use script obfuscation only when necessary.<br/><br/>As a workaround, add [Antivirus exclusions (process+path)](/defender-endpoint/configure-exclusions-microsoft-defender-antivirus). |
 |4. **Not letting the Microsoft Defender Antivirus cache finish before sealing the image**.| If you are creating a VDI image such as for a non-persistent image, make sure that cache maintenance completes before the image is sealed. <br/> For more information, see [Configure Microsoft Defender Antivirus on a remote desktop or virtual desktop infrastructure environment](/defender-endpoint/deployment-vdi-microsoft-defender-antivirus). |
 |5. **Having the wrong path exclusion(s) due to misspelling**. <br/>If you add misspelled exclusion paths, it can lead to performance issues.| Use `MpCmdRun.exe -CheckExclusion -Path` to validate path-based exclusions. |
 |6. **When a path exclusion is added, it works for scanning flows**. <br/>Behavior Monitoring (BM) and Network Real-time Inspection (NRI) may still cause performance issues. |As a workaround, take these steps: <br/>1. (Preferred) For .exe's and dll's use [Indicators – File hash - allow](/defender-endpoint/indicator-file) or [Indicators – Certificate - allow](/defender-endpoint/indicator-certificates) <br/>2. (Alternative) [Add Antivirus exclusions (process+path)](/defender-endpoint/configure-exclusions-microsoft-defender-antivirus). |