polished

Author: ElazarK

articles/defender-for-cloud/anti-malware.md

@@ -4,17 +4,19 @@ description: Learn how to configure Container runtime Antimalware detection and
 #customer intent: As a security admin, I want to configure container runtime antimalware policies so that I can detect and prevent malware in my containerized workloads.
 author: ElazarK
 ms.author: elkrieger
-ms.date: 02/16/2026
+ms.date: 02/22/2026
 ms.topic: how-to
 ---
 
 # Antimalware detection and blocking
 
-Container runtime antimalware detection and blocking happens when a container runs an executable that the system identifies as malware.
+Container runtime antimalware detects and blocks malware when a container runs an executable that the system identifies as malicious software.
 
-This feature provides alerts when it identifies malware and allows you to block it. You can define antimalware policies to specify conditions for generating alerts and blocking, helping you distinguish between legitimate activities and potential threats. 
+This feature sends alerts when it identifies malware and lets you block malware.  
 
-Container runtime antimalware detection and blocking is integrated into the Defender for Containers plan and is available for the Azure (AKS), Amazon (EKS), and Google (GKE) clouds. 
+You can define antimalware policies that set conditions for alerts and blocking. These policies help you distinguish legitimate activity from potential threats.
+
+Container runtime antimalware detection and blocking is part of the Defender for Containers plan. This feature is available for Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE).
 
 ## Prerequisites
 
@@ -33,7 +35,7 @@ Container runtime antimalware detection and blocking is integrated into the Defe
     | CPU | 50m | 300m |
     | Memory | 128Mi | 500Mi |
 
-- Learn more about [antimalware detection and blocking availability](support-matrix-defender-for-containers.md#runtime-protection-features).
+Learn more about [antimalware detection and blocking availability](support-matrix-defender-for-containers.md#runtime-protection-features).
 
 ### Components
 
@@ -102,22 +104,23 @@ After 30 minutes, the sensors on the protected clusters are updated with the new
 
 ## Manage antimalware rules
 
-Based on the alerts you receive and your review of them, you might need to adjust your rules in the antimalware policy. This adjustment could involve refining conditions, adding new rules, or removing rules that generate too many false positives. The goal is to ensure that the defined antimalware policies and their rules effectively balance security needs with operational efficiency. 
+Based on the alerts you receive and review, you might need to adjust the rules in the antimalware policy. This adjustment might include refining conditions, adding rules, or removing rules that generate many false positives. The goal is to balance security needs with operational efficiency by using effective antimalware policies and rules.
 
-The effectiveness of antimalware detection relies on your active engagement in configuring, monitoring, and adjusting policies to suit your environment's unique requirements. 
+Effective antimalware detection relies on your active role in configuring, monitoring, and adjusting policies for your environment.
 
-You can arrange the rules based on priority by selecting the up or down arrow. The rule with the highest priority (lowest number) is evaluated first. If a rule match occurs, the action designated by the rule happens and the evaluation ends. If no match is found, the next rule is evaluated. If no match occurs with any of the existing rules, the default rules are applied.
+You can arrange rules by priority by selecting the up or down arrow. The rule with the highest priority (the lowest number) runs first. If a rule matches, the rule action runs and the evaluation ends. If no rule matches, the system evaluates the next rule. If no rule matches, the system applies the default rules.
 
-You can manage each rule by using the toolbar.
+You can manage each rule by using the toolbar controls.
 
 :::image type="content" source="media/anti-malware/rule-toolbar.png" alt-text="Screenshot that shows the toolbar that can be used to manage the rules." lightbox="media/anti-malware/rule-toolbar.png":::
 
-The toolbar allows you to edit, duplicate, delete, enable, and disable rules. Simply select a rule and the desired action.
+The toolbar lets you edit, duplicate, delete, enable, and disable rules. Select a rule and an action.
 
-Disabling a rule allows you to keep the rule and its configuration without applying it. This option is useful if you want to temporarily stop a rule from being applied without losing its configuration.
+Disabling a rule lets you keep the rule and its configuration without applying the rule. This option is useful if you want to stop a rule temporarily without losing its configuration.
 
-After you configure your rules, select **Save** to apply the changes and create the policy. Within 30 minutes, the sensors on the protected clusters are updated with the new policy. 
+After you configure your rules, select **Save** to apply the changes and create the policy. Within 30 minutes, the sensors on the protected clusters update with the new policy.
 
-## Related content
+## Next step
 
-- [Overview of Container security in Microsoft Defender for Containers](/azure/defender-for-cloud/defender-for-containers-introduction)
+> [!div class="nextstep"]
+> [Overview of Container security in Microsoft Defender for Containers](/azure/defender-for-cloud/defender-for-containers-introduction)

articles/defender-for-cloud/binary-drift-detection.md

@@ -4,7 +4,7 @@ description: Learn how binary drift detecting and blocking can help you detect u
 ms.topic: how-to
 author: Elazark
 ms.author: elkrieger
-ms.date: 01/13/2026
+ms.date: 02/22/2026
 #customer intent: As a user, I want to understand how binary drift detection and blocking can help me detect unauthorized external processes within containers.
 ---