Update validate-antimalware.md

Author: denisebmsft

defender-endpoint/validate-antimalware.md

@@ -30,47 +30,36 @@ ms.date: 04/18/2025
 Scenario requirements and setup
 
 - Windows 11, Windows 10, Windows 8.1, Windows 7 SP1
-
-- Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2
-
+- Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2008 R2
 - Linux
 - macOS
 - [Real-time protection](/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) is enabled
 
 ## EICAR test file to simulate malware
 
-After you enable Microsoft Defender for Endpoint, Microsoft Defender for Business, or Microsoft Defender Antivirus, you can test the service and run a proof of concept to familiarize yourself with the features. You can also generate real security alerts and validate the advanced security capabilities effectively protect your device.
+After you enable Defender for Endpoint, Microsoft Defender for Business, or Microsoft Defender Antivirus, you can test the service by using an EICAR test file. Running a proof of concept like this can help you get familiar with the features, and validate the advanced security capabilities that protect your device by generating real security alerts.
 
-Run an antivirus detection test to verify a device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:
+You can run an antivirus detection test to verify that the device is properly onboarded and reporting to the service. 
 
 ### Windows
 
-1. Prepare for the EICAR test file:
-
-   - Use an EICAR test file instead of real malware to avoid causing damage
-
-   - Microsoft Defender Antivirus treats EICAR test files as malware
-   
-   - You will create the test file in the next step
+1. Prepare for the EICAR test file. Use an EICAR test file instead of real malware to avoid causing damage. Microsoft Defender Antivirus treats EICAR test files as malware.
 
-1. Create the EICAR test file:
+2. Create the EICAR test file by following these steps:
 
-   a. Copy the following string: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`
+   1. Copy the following string: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`.
 
-   b. Paste the string into a .TXT file and save it as EICAR.txt
-
-   c. Verify the test file is immediately quarantined by Defender
-
+   2. Paste the string into a `.TXT` file and save it as `EICAR.txt`.
 
-### Linux and macOS
+### Linux/macOS
 
-1. Verify that real-time protection is enabled. Run the following command and confirm the output is `"true"`:
+1. Ensure that real-time protection is enabled. Run the following command and confirm the output is `"true"`:
 
     ```
     mdatp health --field real_time_protection_enabled
     ```
 
-2. Run one of the following commands to download the EICAR test file:
+2. Download the EICAR test file. Open a Terminal window and execute the appropriate command for your operating system:
 
    Linux:
    
@@ -84,8 +73,9 @@ Run an antivirus detection test to verify a device is properly onboarded and rep
     curl -o ~/Downloads/eicar.com.txt https://secure.eicar.org/eicar.com.txt
     ```
 
-3. Run the following command to list all detected threats and verify the test file has been quarantined by Defender for Endpoint:
+3. Verify that the file has been quarantined by Defender for Endpoint.** Run the following command to list all detected threats:
 
     ```
     mdatp threat list
     ```
+