From b318f6afbe84e60b13ed399cbabf21786aad248e Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Tue, 22 Sep 2020 13:47:09 +0300
Subject: [PATCH] Update respond-machine-alerts.md

Added a note to provide information about product behavior when a scan is issued from MDATP portal
---
 .../microsoft-defender-atp/respond-machine-alerts.md         | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 6d56a12fd2..3c25ee8c2c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -124,6 +124,11 @@ One you have selected **Run antivirus scan**, select the scan type that you'd li
 
 The Action center will show the scan information and the device timeline will include a new event, reflecting that a scan action was submitted on the device. Microsoft Defender AV alerts will reflect any detections that surfaced during the scan.
 
+>[!NOTE]
+>When triggering a scan using MDATP response action, Microsoft Defender antivirus 'ScanAvgCPULoadFactor' value still applies and limits the CPU impact of the scan. 
+>If ScanAvgCPULoadFactor is not configured, the default value is a limit of 50% maximum CPU load during a scan. 
+>For more information, see [configure-advanced-scan-types-microsoft-defender-antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus).
+
 ## Restrict app execution
 
 In addition to containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.