From f76c6eecf756295bcf5cba81be2e1d6ca6a2dd96 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 2 Apr 2019 16:39:42 -0700 Subject: [PATCH 1/2] add more pre-reqs --- ...-file-alerts-windows-defender-advanced-threat-protection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 5334c052ed..3b5f8a40a7 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/24/2018 --- # Take response actions on a file @@ -112,6 +111,8 @@ You can prevent further propagation of an attack in your organization by banning >- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. >- This response action is available for machines on Windows 10, version 1703 or later. +>- The Antimalware client version must be 4.18.1901.x or later. +>- The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action. >[!NOTE] > The PE file needs to be in the machine timeline for you to be able to take this action. From c12ec3446542c041af1da2ea4b688402c0b80129 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 3 Apr 2019 11:13:48 -0700 Subject: [PATCH 2/2] add note on effectivity of action --- ...rts-windows-defender-advanced-threat-protection.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 3b5f8a40a7..e5f643f908 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md 
@@ -108,15 +108,17 @@ You can roll back and remove a file from quarantine if you’ve determined that You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. >[!IMPORTANT] ->- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

+>- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). +>- The Antimalware client version must be 4.18.1901.x or later. >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. >- This response action is available for machines on Windows 10, version 1703 or later. ->- The Antimalware client version must be 4.18.1901.x or later. >- The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action. + + >[!NOTE] > The PE file needs to be in the machine timeline for you to be able to take this action. - +>- There may be a couple of minutes of latency between the time the action is taken and the actual file being blocked. ### Enable the block file feature Before you can block files, you'll need to enable the feature. @@ -150,6 +152,9 @@ Before you can block files, you'll need to enable the feature. When the file is blocked, there will be a new event in the machine timeline.
+>[!NOTE] +>-If a file was scanned before the action was taken, it may take longer to be effective on the device. + **Notification on machine user**:
When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked:
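Review bot: the removal of `ms.date: 04/24/2018` in the metadata hunk of PATCH 1/2 (`@@ -15,7 +15,6 @@`) is not covered by the subject "add more pre-reqs". If the field is being dropped on purpose, say so in the commit message; otherwise keep it, so that readers of the article can still tell when the prerequisites were last revised.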
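Review bot: the cache bullet added in PATCH 1/2 (`@@ -112,6 +111,8 @@`) says the allow or block function "cannot be done" but gives the reader no way to recognise the condition or recover from it. Suggest tightening the wording, for example "You cannot allow or block a file whose classification is already in the device's cache when the action is taken", and stating whether the cached classification expires or can be cleared, so an analyst knows whether to retry.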
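Review bot: in PATCH 2/2 (`@@ -108,15 +108,17 @@`) the new latency line is added as a bullet (`>- There may be a couple of minutes of latency ...`) directly under the plain-text line `> The PE file needs to be in the machine timeline ...` in the same `[!NOTE]` block, so the note mixes a paragraph with a one-item list. Make both lines bullets or both plain text. The same hunk removes the blank line that separated the note from `### Enable the block file feature` and adds two empty lines before `>[!NOTE]`; keep exactly one blank line in each place so the heading and the note are clearly separated.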
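Review bot: the added line `>-If a file was scanned before the action was taken, ...` in PATCH 2/2 (`@@ -150,6 +152,9 @@`) has no space after the hyphen, so it will not render as a list item; since the note holds a single sentence, write it as plain note text starting `> If a file was scanned ...`. It also reads differently from the prerequisite kept in the first hunk, which says the allow or block function "cannot be done" when the file's classification is already in the device's cache, while this note says the action "may take longer to be effective". Reconcile the two statements, or explain how a previously scanned file differs from one with a cached classification.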