In most cases, if a remediation action was taken on an email message, email attachment, or URL, and the item is actually not a threat, your security operations team can undo the remediation action and take steps to prevent the false positive from recurring. If your organization is using Microsoft Defender for Endpoint in addition to Office 365, and a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create a custom indicator with an "Allow" action for your device. If an alert is triggered by legitimate use, or the alert is inaccurate, you can Manage alerts in the Defender for Cloud Apps portal. Adjust an alert to prevent false positives from recurring You can also Submit a file to Microsoft for malware analysis. If AIR in Microsoft Defender for Office 365 missed an email message, an email attachment, a URL in an email message, or a URL in an Office file, you can submit suspected spam, phish, URLs, and files to Microsoft for Office 365 scanning. Report a false positive/negative to Microsoft for analysis
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |