diff --git a/defender-endpoint/adv-tech-of-mdav.md b/defender-endpoint/adv-tech-of-mdav.md
index ae3cb99807..67f8ae9859 100644
--- a/defender-endpoint/adv-tech-of-mdav.md
+++ b/defender-endpoint/adv-tech-of-mdav.md
@@ -7,7 +7,7 @@ ms.reviewer: yongrhee
manager: deniseb
ms.service: defender-endpoint
ms.topic: overview
-ms.date: 02/28/2024
+ms.date: 01/24/2025
ms.subservice: ngp
ms.localizationpriority: medium
ms.custom: partner-contribution
@@ -53,6 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself
|**Heuristics engine**
Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine**
Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.|
|**Emulation engine**
The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine**
Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.|
|**Network engine**
Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine**
Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.|
+|**CommandLine scanning engine**
This engine scans the commandlines of all processes before they execute. If the commandline for a process isĀ found to be malicious it is blocked from execution.|**CommandLine ML engine**
Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|
For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/).