diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index ca76752f2b..4c638eb8a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -37,7 +37,7 @@ The following table summarizes remediation actions following an automated invest
|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.
Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). |
|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.
Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). |
|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.
Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). |
-|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.
If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.
If the artifact is not in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).
2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). |
+|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.
If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.
If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).
2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). |
|**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.
Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).|
|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.
If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.
If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).
[Approve (or reject) pending actions](#review-pending-actions). |
|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.
Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).
[Approve (or reject) pending actions](#review-pending-actions). |