diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
index 44f78723aa..ad774f962c 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 11/06/2017
+ms.date: 09/07/2018
 ---
 
 #  Run a detection test on a newly onboarded Windows Defender ATP machine 
@@ -26,7 +26,8 @@ ms.date: 11/06/2017
 
 Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
 
-1. Open an elevated command-line prompt on the machine and run the script:
+1. Create a folder:  'C:\test-WDATP-test'.
+2. Open an elevated command-line prompt on the machine and run the script:
 
     a.  Go to **Start** and type **cmd**.
 
@@ -34,7 +35,7 @@ Run the following PowerShell script on a newly onboarded machine to verify that
 
     ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
 
-2. At the prompt, copy and run the following command:
+3. At the prompt, copy and run the following command:
 
     ```
     powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'