updated description of how wdav screens apps

windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md

@@ -25,7 +25,11 @@ manager: dansimp
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
 Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
-All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
+All apps (any executable file, including .exe, .scr, .dll files and others) are screened by Windows Defender Antivirus before being allowed to access files in protected folders. Only apps that are known to be safe are allowed to make changes to  files in a protected folder.
+
+Apps that are known to be malicious usually never make it as far as attempting folder access -- they are swiftly quarantined.
+
+If there isn't sufficient data to determine if an app is safe, it will be blocked from accessing the folder as a safety measure.
 
 This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.