diff --git a/atomics/T1489/T1489.md b/atomics/T1489/T1489.md index 24ab4896..c0e7b2e3 100644 --- a/atomics/T1489/T1489.md +++ b/atomics/T1489/T1489.md @@ -16,7 +16,9 @@ Adversaries may accomplish this by disabling individual services of high importa
## Atomic Test #1 - Windows - Stop service using Service Controller -Stops a specified service using the sc.exe command. +Stops a specified service using the sc.exe command. Upon execution, if the spooler service was running infomration will be displayed saying +it has changed to a state of STOP_PENDING. If the spooler service was not running "The service has not been started." will be displayed and it can be +started by running the cleanup command. **Supported Platforms:** Windows @@ -49,7 +51,9 @@ sc.exe start #{service_name}
## Atomic Test #2 - Windows - Stop service using net.exe -Stops a specified service using the net.exe command. +Stops a specified service using the net.exe command. Upon execution, if the service was running "The Print Spooler service was stopped successfully." +will be displayed. If the service was not running, "The Print Spooler service is not started." will be displayed and it can be +started by running the cleanup command. **Supported Platforms:** Windows @@ -82,8 +86,10 @@ net.exe start #{service_name}
## Atomic Test #3 - Windows - Stop service by killing process -Stops a specified service killng the service's process. -This technique was used by WannaCry. +Stops a specified service killng the service's process. +This technique was used by WannaCry. Upon execution, if the spoolsv service was running "SUCCESS: The process "spoolsv.exe" with PID 2316 has been terminated." +will be displayed. If the service was not running "ERROR: The process "spoolsv.exe" not found." will be displayed and it can be +started by running the cleanup command. **Supported Platforms:** Windows diff --git a/atomics/index.yaml b/atomics/index.yaml index 2b07464f..40f96915 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -16380,9 +16380,10 @@ impact: identifier: T1489 atomic_tests: - name: Windows - Stop service using Service Controller - description: 'Stops a specified service using the sc.exe command. - -' + description: | + Stops a specified service using the sc.exe command. Upon execution, if the spooler service was running infomration will be displayed saying + it has changed to a state of STOP_PENDING. If the spooler service was not running "The service has not been started." will be displayed and it can be + started by running the cleanup command. supported_platforms: - windows input_arguments: @@ -16400,9 +16401,10 @@ impact: ' - name: Windows - Stop service using net.exe - description: 'Stops a specified service using the net.exe command. - -' + description: | + Stops a specified service using the net.exe command. Upon execution, if the service was running "The Print Spooler service was stopped successfully." + will be displayed. If the service was not running, "The Print Spooler service is not started." will be displayed and it can be + started by running the cleanup command. supported_platforms: - windows input_arguments: 
@@ -16420,8 +16422,11 @@ impact: ' - name: Windows - Stop service by killing process - description: "Stops a specified service killng the service's process. \nThis - technique was used by WannaCry.\n" + description: | + Stops a specified service killng the service's process. + This technique was used by WannaCry. Upon execution, if the spoolsv service was running "SUCCESS: The process "spoolsv.exe" with PID 2316 has been terminated." + will be displayed. If the service was not running "ERROR: The process "spoolsv.exe" not found." will be displayed and it can be + started by running the cleanup command. supported_platforms: - windows input_arguments:
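Review bot: "infomration" is misspelled in the added description for Atomic Test #1 (sc.exe), both in atomics/T1489/T1489.md and in the matching `description: |` block in atomics/index.yaml; it should read "information", with a comma after "running" so the sentence parses ("if the spooler service was running, information will be displayed ..."). The same text is duplicated in both files, so the correction has to land in both places to keep them in sync.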
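Review bot: The expected-output strings added for Atomic Test #2 (net.exe) hardcode the display name "Print Spooler", while the cleanup command in the hunk context is `net.exe start #{service_name}`, so the quoted messages are only correct for one value of that input argument. Suggest stating that the messages shown are for the Print Spooler service as an example, or wording them in terms of the specified service. The comma after "If the service was not running" is present here but missing in the equivalent sentences for tests #1 and #3; pick one form for all three.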
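Review bot: The success message added for Atomic Test #3 quotes a literal "PID 2316", which is specific to the machine the output was captured on and will not match what anyone else sees; replace it with a placeholder such as "PID <pid>". The added lines also carry over the existing typo "killng" and drop the word "by" ("Stops a specified service by killing the service's process"), and the double quotes around spoolsv.exe nested inside the double-quoted message are hard to read in the Markdown; single quotes or backticks around the outer message would make the boundaries clear. These apply to both the T1489.md hunk and the index.yaml hunk.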