update respond file alerts

windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -33,7 +33,7 @@ You can also submit files for deep analysis to run the file in a secure cloud sa
 ## Stop and quarantine files in your network
 You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed.
 
-The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
+The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
 
 The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days.
 
@@ -43,19 +43,19 @@ The action takes effect on machines with the latest Windows 10, version 1703 whe
   - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline
   - **Search box** - select File from the drop–down menu and enter the file name
 
-2.	Open the **Actions menu** and select **Stop & Quarantine File**.
+2.	Open the **Actions menu** and select **Stop and Quarantine File**.
     ![Image of stop and quarantine file action](images/atp-stop-quarantine-file.png)
 
-3. Type a comment (optional), and select **Yes** to take action on the file. The comment will be saved in the Action center for reference.
+3. Type a comment and select **Yes, stop and quarantine** to take action on the file.
+    ![Image of stop and quarantine file](images/atp-stop-quarantine.png)
 
   The Action center shows the submission information:
     ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png)
 
-    -	**Submission time** - Shows when the action was submitted. <br>
-    -	**Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. <br>
-    -	**Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.<br>
-    -	**Success** - Shows the number of machines where the file has been stopped and quarantined.<br>
-    -	**Failed** - Shows the number of machines where the action failed and details about the failure.<br>
+   - **Submission time** - Shows when the action was submitted.
+   - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+   - **Failed** - Shows the number of machines where the action failed and details about the failure.
+   - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
 
 4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
 
@@ -104,14 +104,16 @@ This feature is designed to prevent suspected malware (or potentially malicious
 
   ![Image of preferences setup](images/atp-preferences-setup.png)
 
-3. Type a comment (optional) and select **Yes** to take action on the file.
-The Action center shows the submission information:
 
-  ![Image of block file](images/atp-blockfile.png)
+3. Type a comment and select **Yes, block file** to take action on the file.
+
+
+    The Action center shows the submission information:
+    ![Image of block file](images/atp-blockfile.png)
 
   - **Submission time** - Shows when the action was submitted. <br>
-  -	**Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. <br>
-  -	**Status** - Indicates whether the file was added to or removed from the blacklist.
+  - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. <br>
+  - **Status** - Indicates whether the file was added to or removed from the blacklist.
 
 When the file is blocked, there will be a new event in the machine timeline.</br>
 
@@ -130,9 +132,9 @@ For prevalent files in the organization, a warning is shown before an action is
 ### Remove file from blocked list
 1.	Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
 
-  -	**Alerts** - Click the file links from the Description or Details in the Alert timeline <br>
-  -	**Machines list** - Click the file links in the Description or Details columns in the Observed on machine section <br>
-  -	**Search box** - Select File from the drop–down menu and enter the file name
+  - **Alerts** - Click the file links from the Description or Details in the Alert timeline <br>
+  - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section <br>
+  - **Search box** - Select File from the drop–down menu and enter the file name
 
 2.	Open the **Actions** menu and select **Remove file from blocked list**.