Merge branch 'master' into fpfn-mdav-mdatp

This commit is contained in:
Tina Burden 2021-01-27 08:18:21 -08:00 committed by GitHub
commit 00270cf559
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -117,10 +117,8 @@ When you're done reviewing and undoing actions that were taken as a result of fa
### Review completed actions ### Review completed actions
![Action center](images/autoir-action-center-1.png)
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. Select the **History** tab to view a list of actions that were taken. 2. Select the **History** tab to view a list of actions that were taken.
3. Select an item to view more details about the remediation action that was taken. 3. Select an item to view more details about the remediation action that was taken.
### Undo an action ### Undo an action
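Review bot: The screenshot under "Review completed actions" sits before step 1 and its alt text is only "Action center", so a reader using a screen reader cannot tell which step it illustrates. Consider moving `![Action center](images/autoir-action-center-1.png)` below the step it shows (the **History** tab in step 2, if that is what it captures) and giving it alt text that describes the view.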
@ -141,7 +139,7 @@ When you're done reviewing and undoing actions that were taken as a result of fa
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. On the **History** tab, select a file that has the Action type **Quarantine file**. 2. On the **History** tab, select a file that has the Action type **Quarantine file**.
3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. 3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
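Review bot: Step 3 tells the reader to select **Apply to X more instances of this file** and then **Undo**, with no check on scope before a quarantine is reversed for every instance at once. Add a sentence telling the reader to confirm the file is a verified false positive before applying the undo to the other instances, and say what "X" stands for (presumably the number of additional instances shown in the pane).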
## Part 3: Review or define exclusions ## Part 3: Review or define exclusions
@ -351,7 +349,6 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi
> [!IMPORTANT] > [!IMPORTANT]
> We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. > We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle.
## Still need help? ## Still need help?
If you have worked through all the steps in this article and still need help, contact technical support. If you have worked through all the steps in this article and still need help, contact technical support.
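Review bot: The `[!IMPORTANT]` note recommends "allow" indicators as the alternative to turning automation off, but gives no guidance on how narrowly to scope them. A broad allow indicator weakens detection much as lowering the automation level would, so consider adding a sentence that recommends the narrowest indicator that resolves the false positive and a periodic review of the indicators already defined.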
@ -364,4 +361,4 @@ If you have worked through all the steps in this article and still need help, co
[Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md) [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)
[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) [Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
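Review bot: The two links here use different styles: `manage-atp-post-migration.md` is relative, while the overview link is an absolute `https://docs.microsoft.com/.../microsoft-defender-atp/use` URL. If the target article lives in the same docset as this file, use the relative form for both so the links stay valid across branches and are covered by the build's link validation.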