diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
index 9ad7e0b073..baf41c376e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@@ -49,6 +49,9 @@ File | A specific file identified by the full path | `/var/log/test.log`
`/v
Folder | All files under the specified folder (recursively) | `/var/log/`
`/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat`
`c?t`
+> [!IMPORTANT]
+> The paths above must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file `.
+
File, folder, and process exclusions support the following wildcards:
Wildcard | Description | Example | Matches | Does not match
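Review bot: in the added IMPORTANT note, the check is given as `file ` with no argument, so the reader is not told what to run it on. Add a placeholder such as `file <path-name>` and say what output indicates a symbolic link. The phrase "must be hard links" is also loose: what the note distinguishes is a path that is itself a symbolic link from one that is not, so "must not be symbolic links" would be clearer. The note follows the Process row as well, so state whether "the paths above" includes process paths or only file and folder paths.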
@@ -107,6 +110,16 @@ Examples:
```bash
mdatp exclusion folder add --path "/var/*/"
```
+
+ > [!NOTE]
+ > This will only exclude paths one level below */var/*, but not folders which are more deeply nested; for example, */var/this-subfolder/but-not-this-subfolder*.
+
+ ```bash
+ mdatp exclusion folder add --path "/var/"
+ ```
+ > [!NOTE]
+ > This will exclude all paths whose parent is */var/*; for example, */var/this-subfolder/and-this-subfolder-as-well*.
+
```Output
Folder exclusion configured successfully
```
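Review bot: both added NOTE blocks write paths in asterisk italics (`*/var/*`, `*/var/this-subfolder/but-not-this-subfolder*`), which in a section about wildcards reads like a glob and is easy to confuse with the `/var/*/` in the command above. Use backticks for the paths. The new text is also inserted between the first `mdatp exclusion folder add` command and its `Output` block, so the output now appears to belong only to the `/var/` command. Move the additions below the Output block or show the output for each command. The added lines carry a one-space indent and the second fence has no blank line before its note, unlike the first. Since the second form excludes everything beneath `/var/`, the note could say that it is the broader of the two, so readers pick the narrower one when it suffices.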