From edbcd60bf3d35917b415626f379e3b70edd294fc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:55:29 -0700 Subject: [PATCH] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 6842bb4dd4..825243a844 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -127,10 +127,13 @@ MDATP “Advanced Hunting” Note: Change the “Last 7 days” to “Last 30 days” +``` find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents) where InitiatingProcessFileName has 'notepad.exe' | project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine | distinct InitiatingProcessSHA256 +``` + Note: Replace notepad.exe with the 3rd party security product process name. Note 2: We added ‘distinct’ query which shows just the unique SHA256’s. @@ -151,7 +154,7 @@ Type: File(c:\\windows\\notepad.exe) | project Hash -



+

**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)!
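Review bot: In the first hunk (@@ -127,10 +127,13), the opening fence added before `find in (...)` carries no language tag, so the Advanced Hunting query renders as plain text; tagging the fence `kusto` would give it syntax highlighting. While this block is being touched, the `project EventTime, ComputerName, ...` stage is redundant because the final `distinct InitiatingProcessSHA256` returns only that one column, and the two Note lines after the fence still use curly quotes around ‘distinct’, which will not copy cleanly if a reader pastes them into a query.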
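Review bot: In the second hunk (@@ -151,7 +154,7), the only change is one blank-looking line replaced by another just above the Congratulations line, which appears to be whitespace-only. If it is trailing-whitespace cleanup, say so in the commit message; otherwise drop it so the diff stays limited to the fencing fix. The `| project Hash` query in this hunk's context is also worth checking: if it is not fenced, fence it the same way as the query at line 127 so both hunting queries render consistently.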