
Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender

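False positives or negatives can occasionally occur with any threat protection solution. If automated investigation and response capabilities in Microsoft 365 Defender missed or wrongly detected something, there are steps your security operations team can take:

  • Report a false positive/negative to Microsoft for analysis
  • Adjust an alert to prevent false positives from recurring
  • Undo a remediation action that was taken on a device

The following sections describe how to perform these tasks.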

Report a false positive/negative to Microsoft for analysis

| Item missed or wrongly detected | Service | What to do |
| --- | --- | --- |
| Email message; email attachment; URL in an email message; URL in an Office file | Microsoft Defender for Office 365 | Submit suspected spam, phish, URLs, and files to Microsoft for scanning |
| File or app on a device | Microsoft Defender for Endpoint | Submit a file to Microsoft for malware analysis |

Adjust an alert to prevent false positives from recurring

| Scenario | Service | What to do |
| --- | --- | --- |
| An alert is triggered by legitimate use; an alert is inaccurate | Microsoft Defender for Cloud Apps or Azure threat protection | Manage alerts in the Defender for Cloud Apps portal |
| A file, IP address, URL, or domain is treated as malware on a device, even though it’s safe | Microsoft Defender for Endpoint | Create a custom indicator with an “Allow” action |

Undo a remediation action that was taken on a device

If a remediation action was taken on an entity (such as a device or an email message) and the affected entity is not actually a threat, your security operations team can undo the remediation action in the Action center.

  1. Go to the Microsoft 365 Defender portal and sign in.
  2. In the navigation pane, choose Action center.
  3. On the History tab, select an action that you want to undo. Its flyout pane opens.
  4. In the flyout pane, select Undo.

 Tip

See Undo completed actions.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
