fixes with eyal

ElazarK · ElazarK · commit e9557f0812d1 · 2026-02-22T12:44:05.000+02:00
diff --git a/articles/defender-for-cloud/anti-malware.md b/articles/defender-for-cloud/anti-malware.md
@@ -22,8 +22,14 @@ Container runtime antimalware detection and blocking is part of the Defender for
 
 - To use container runtime antimalware detection and blocking, you need to run the Defender for Container sensor, which is available for the AWS, GCP, and AKS clouds. Currently, this feature is in preview and is only supported for:
     - **AKS**: Helm provisioning with sensor version **0.10.2**.
-    - **Multicloud**: Helm provisioning with sensor version **0.10.2** or the ARC extension using `release train=preview`.
+    - **Multicloud**: Helm provisioning with sensor version **0.10.2** or the ARC extension using `release-train=preview`, with the command `--configuration-settings collectors.antimalwareCollector.enable='true`.
 
+    For example:
+
+    ```azurecli    
+    az k8s-extension create --name  microsoft.azuredefender.kubernetes --extension-type  microsoft.azuredefender.kubernetes --cluster-name <name> --resource-group <rg> --cluster-type connectedClusters --release-train preview --configuration-settings collectors.antimalwareCollector.enable='true'
+    ```
+    
 - You must enable the Defender for Container sensor on the subscriptions and connectors. 
 
 - To create and modify antimalware policies, you need Security Admin or higher permissions on the tenant. To view antimalware policies, you need Security Reader or higher permissions on the tenant. 
