From 4134fce2ddaa3b660a26eeb6b3bdfe2eddf9e0ba Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 23 Sep 2020 13:01:56 -0400 Subject: [PATCH] edits for linux exclusions --- .../microsoft-defender-atp/linux-exclusions.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 27d42d2a2c..3caaa64438 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -46,6 +46,9 @@ File | A specific file identified by the full path | `/var/log/test.log`
`/v Folder | All files under the specified folder (recursively) | `/var/log/`
`/var/*/` Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat`
`c?t` +> [!IMPORTANT] +> The paths above must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file `. + File, folder, and process exclusions support the following wildcards: Wildcard | Description | Example | Matches | Does not match @@ -104,6 +107,16 @@ Examples: ```bash mdatp exclusion folder add --path "/var/*/" ``` + + > [!NOTE] + > This will only exclude paths one level below */var/*, but not folders which are more deeply nested; for example, */var/this-subfolder/but-not-this-subfolder*. + + ```bash + mdatp exclusion folder add --path "/var/" + ``` + > [!NOTE] + > This will exclude all paths whose parent is */var/*; for example, */var/this-subfolder/and-this-subfolder-as-well*. + ```Output Folder exclusion configured successfully ```
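Review bot: In the first hunk's `[!IMPORTANT]` callout, the command is written as `file ` with nothing after it, so the reader is not told what to pass; add an explicit placeholder such as `file <path>`. The phrase "must be hard links" is also looser than the intent, since it suggests the user has to create a link; "must not be symbolic links" matches the check the next sentence describes. The callout stops at detection: if excluding the resolved target of the symlink is the expected fix, say so here, otherwise the reader learns the exclusion will not apply but not what to do about it.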
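Review bot: In the second hunk, the new `mdatp exclusion folder add --path "/var/"` block and its note are inserted between the existing `"/var/*/"` command and the existing `Output` block, so the sample output now appears to belong only to the second command; either move the addition below the `Output` block or give each command its own output. The second note says "all paths whose parent is */var/*" but its example is two levels down, so "all paths under `/var/` (recursively)" would match both the example and the table wording in the first hunk's context. In the first note, the example `/var/this-subfolder/but-not-this-subfolder` does not say which part is excluded and which is not; spell out both cases. The italic markup `*/var/*` reads as a glob on a page about wildcards, so use backticks for paths, and add the blank line before the second `> [!NOTE]` that the first one has.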