deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into fpfn-mdav-mdatp

Browse Source
This commit is contained in:
Tina Burden 2021-01-27 08:18:21 -08:00 committed by GitHub
commit 00270cf559
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
View File

@ -117,10 +117,8 @@ When you're done reviewing and undoing actions that were taken as a result of fa
### Review completed actions
![Action center](images/autoir-action-center-1.png)
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. Select the **History** tab to view a list of actions that were taken.
2. Select the **History** tab to view a list of actions that were taken.
3. Select an item to view more details about the remediation action that was taken.
### Undo an action
@ -141,7 +139,7 @@ When you're done reviewing and undoing actions that were taken as a result of fa
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. On the **History** tab, select a file that has the Action type **Quarantine file**.
3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
## Part 3: Review or define exclusions
@ -351,7 +349,6 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi
> [!IMPORTANT]
> We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle.
## Still need help?
If you have worked through all the steps in this article and still need help, contact technical support.
@ -364,4 +361,4 @@ If you have worked through all the steps in this article and still need help, co
[Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)
[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)