Update client-behavioral-blocking.md

windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md

@@ -26,11 +26,13 @@ ms.collection:
 
 ## Overview
 
-Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). As threats are detected on devices (clients), they are blocked and remediated automatically. 
+Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). As threats are detected on devices (clients), they are blocked, checked, and remediated automatically. 
+
+:::image type="content" source="images/pre-execution-and-post-execution-detection-engines.png" alt-text="Cloud and client protection":::
 
 ## How client behavioral blocking works
 
-
+Antivirus protection works best when paired with cloud protection. [Microsoft Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) can identify malicious behavior, detect malicious code, detect fileless and in-memory attacks, and more on a device. When suspicious behaviors or artifacts are detected, Microsoft Defender Antivirus monitors and sends suspicious behaviors and process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
 
 
 ## Configuring client behavioral blocking