Update run-analyzer-macos-linux.md

denisebmsft · denisebmsft · commit 65dad143dce9 · 2025-01-05T09:01:29.000-08:00
diff --git a/defender-endpoint/run-analyzer-macos-linux.md b/defender-endpoint/run-analyzer-macos-linux.md
@@ -257,12 +257,12 @@ The files generated when using this mode are summarized in the following table:
 | File  | Remarks |
 | ------------- | ------------- |
 | `mde_diagnostic.zip`  | Defender for Endpoint logs and configs  |
-| `health.txt`  | The health status of Defender for Endpoint [^1]  |
-| `health_details_features.txt`  | The health status of other Defender for Endpoint features [^1]   |
-| `permissions.txt`  | Permission issues with the folders owned/used by Defender for Endpoint [^1]   |
+| `health.txt`  | The health status of Defender for Endpoint <br/>(Present only when Defender for Endpoint is installed) |
+| `health_details_features.txt`  | The health status of other Defender for Endpoint features <br/>(Present only when Defender for Endpoint is installed) |
+| `permissions.txt`  | Permission issues with the folders owned/used by Defender for Endpoint <br/>(Present only when Defender for Endpoint is installed) |
 | `crashes`  | Crash dumps generated by Defender for Endpoint |
 | `process_information.txt`  | Process running in the machine when the tool was run |
-| `proc_directory_info.txt`  | Mapping of the virtual memory of Defender for Endpoint processes [^1]   |
+| `proc_directory_info.txt`  | Mapping of the virtual memory of Defender for Endpoint processes <br/>(Present only when Defender for Endpoint is installed) |
 | `auditd_info.txt`  | Auditd health, rules, logs |
 | `auditd_log_analysis.txt`  | Summary of events processed by auditd  |
 | `auditd_logs.zip`  | Auditd log files  |
@@ -294,30 +294,27 @@ The files generated when using this mode are summarized in the following table:
 | `lsmod.txt` | Status of modules in the Linux kernel |
 | `dmesg.txt` | Messages from the kernel ring buffer |
 | `kernel_lockdown.txt` | kernel lockdown Info |
-| `rtp_statistics.txt` | Defender for Endpoint Real Time Protection(RTP) statistics <br/>(see the note after this table) |
+| `rtp_statistics.txt` | Defender for Endpoint Real Time Protection(RTP) statistics <br/>(Present only when Defender for Endpoint is installed) |
 | `libc_info.txt` | libc library information |
 | `uptime_info.txt` | Time since last restart |
 | `last_info.txt` | Listing of last logged in users |
 | `locale_info.txt` | Show current locale |
-| `tmp_files_owned_by_mdatp.txt` | /tmp files owned by group:mdatp <br/>(see the note after this table) |
-| `mdatp_config.txt` | All the Defender for Endpoint configurations <br/>(see the note after this table)  |
-| `mpenginedb.db`<br/>`mpenginedb.db-wal`<br/> `mpenginedb.db-shm` | Antivirus definitions file <br/>(see the note after this table) |
+| `tmp_files_owned_by_mdatp.txt` | /tmp files owned by group:mdatp <br/>(Present only when Defender for Endpoint is installed) |
+| `mdatp_config.txt` | All the Defender for Endpoint configurations <br/>(Present only when Defender for Endpoint is installed) |
+| `mpenginedb.db`<br/>`mpenginedb.db-wal`<br/> `mpenginedb.db-shm` | Antivirus definitions file <br/>(Present only when Defender for Endpoint is installed) |
 | `iptables_rules.txt` | Linux iptables rules |
 | `network_info.txt` | Network information |
 | `sysctl_info.txt` | kernel settings info |
 | `hostname_diagnostics.txt` | Hostname diagnostics information |
-| `mde_event_statistics.txt` | Defender for Endpoint Event statistics <br/>(see the note after this table) |
-| `mde_ebpf_statistics.txt` | Defender for Endpoint eBPF statistics <br/>(see the note after this table) |
+| `mde_event_statistics.txt` | Defender for Endpoint Event statistics <br/>(Present only when Defender for Endpoint is installed) |
+| `mde_ebpf_statistics.txt` | Defender for Endpoint eBPF statistics <br/>(Present only when Defender for Endpoint is installed) |
 | `kernel_logs.zip` | Kernel logs |
 | `mdc_log.zip` | Microsoft Defender for Cloud logs |
 | `netext_config.txt` |  |
-| `threat_list.txt` | List of threats detected by Defender for Endpoint <br/>(see the note after this table) |
+| `threat_list.txt` | List of threats detected by Defender for Endpoint <br/>(Present only when Defender for Endpoint is installed) |
 | `top_output.txt `| Process running in the machine when the tool was run |
 | `top_summary.txt` | Memory and CPU usage analytics of the process running |
 
-> [!NOTE]
-> This file is present only when Defender for Endpoint is installed.
-
 ### Positional arguments
 
 #### Collect performance info
