deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update defender-endpoint-false-positives-negatives.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2021-01-26 19:12:31 -08:00 committed by GitHub
parent 3f47103c00
commit 5a95a0a2fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
View File

@ -117,8 +117,10 @@ When you're done reviewing and undoing actions that were taken as a result of fa
### Review completed actions
![Action center](images/autoir-action-center-1.png)
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. Select the **History** tab to view a list of actions that were taken. <br/>![Action center](images/autoir-action-center-1.png)
2. Select the **History** tab to view a list of actions that were taken.
3. Select an item to view more details about the remediation action that was taken.
### Undo an action
@ -137,10 +139,11 @@ If you find that a remediation action was taken automatically on an entity that
### Remove a file from quarantine across multiple devices
![Quarantine file](images/autoir-quarantine-file-1.png)
1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
2. On the **History** tab, select a file that has the Action type **Quarantine file**.
3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. <br/>![Quarantine file](images/autoir-quarantine-file-1.png)
3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
## Part 3: Review or define exclusions
@ -352,7 +355,6 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi
> [!TIP]
> We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle.
## Still need help?
If you have worked through all the steps in this article and still need help, your best bet is to contact technical support.