update respond file alerts

windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -33,7 +33,7 @@ You can also submit files for deep analysis to run the file in a secure cloud sa
 ## Stop and quarantine files in your network
 You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed.
 
-The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
+The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
 
 The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days.
 
@@ -43,19 +43,19 @@ The action takes effect on machines with the latest Windows 10, version 1703 whe
   - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline
   - **Search box** - select File from the drop–down menu and enter the file name
 
-2.	Open the **Actions menu** and select **Stop & Quarantine File**.
+2.	Open the **Actions menu** and select **Stop and Quarantine File**.
     ![Image of stop and quarantine file action](images/atp-stop-quarantine-file.png)
 
-3. Type a comment (optional), and select **Yes** to take action on the file. The comment will be saved in the Action center for reference.
+3. Type a comment and select **Yes, stop and quarantine** to take action on the file.
+    ![Image of stop and quarantine file](images/atp-stop-quarantine.png)
 
   The Action center shows the submission information:
     ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png)
 
-    -	**Submission time** - Shows when the action was submitted. <br>
-    -	**Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. <br>
-    -	**Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.<br>
-    -	**Success** - Shows the number of machines where the file has been stopped and quarantined.<br>
-    -	**Failed** - Shows the number of machines where the action failed and details about the failure.<br>
+   - **Submission time** - Shows when the action was submitted.
+   - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+   - **Failed** - Shows the number of machines where the action failed and details about the failure.
+   - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
 
 4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
 
@@ -104,9 +104,11 @@ This feature is designed to prevent suspected malware (or potentially malicious
 
   ![Image of preferences setup](images/atp-preferences-setup.png)
 
-3. Type a comment (optional) and select **Yes** to take action on the file.
-The Action center shows the submission information:
 
+3. Type a comment and select **Yes, block file** to take action on the file.
+
+
+    The Action center shows the submission information:
     ![Image of block file](images/atp-blockfile.png)
 
   - **Submission time** - Shows when the action was submitted. <br>