Update defender-endpoint-false-positives-negatives.md

2025-05-17 15:57:23 +00:00 · 2020-12-15 15:56:57 -08:00 · 2020-12-15 15:56:57 -08:00 · 131da8346a
commit 131da8346a
parent fda53f2bd9
1 changed files with 22 additions and 1 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@ -35,4 +35,25 @@ Did Microsoft Defender for Endpoint identify an artifact as malicious, even thou

 | Step | Description |
 |:---|:---|
-| 1. Identify a false positive/negative |   |
+| 1. Identify a false positive/negative |   |
+| 2. Review/define exclusions for Defender for Endpoint  |  |
+| 3. Review/define indicators for Defender for Endpoint |  |
+| 4. Classify a false positive/negative in Defender for Endpoint |  |
+| 5. Submit a file for analysis |  |
+| 6. Confirm your software uses EV code signing  |  |
+
+## Identify a false positive/negative
+
+*How do we know something is a false positive or negative? What do we want customers to look for?*
+
+## Review or define exclusions
+
+*Exclusions are defined for AutoIR and for MDAV, yes?*
+
+## Review or define indicators
+
+## Classify a false positive or false negative
+
+## Submit a file for analysis
+
+## Confirm your software uses EV code signing