deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update defender-endpoint-false-positives-negatives.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2021-01-21 20:50:56 -08:00
parent 4cb7b0ff72
commit 5b04617b29
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
View File

@ -19,7 +19,7 @@ ms.collection:
- m365-security-compliance - m365-security-compliance
- m365initiative-defender-endpoint - m365initiative-defender-endpoint
ms.topic: conceptual ms.topic: conceptual
ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree, jcedola
ms.custom: FPFN ms.custom: FPFN
--- ---
@ -34,10 +34,10 @@ ms.custom: FPFN
In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes: In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
1. [Reviewing and classifying alerts](#review-and-classify-alerts) 1. [Reviewing and classifying alerts](#review-and-classify-alerts)
2. Reviewing remediation actions that were taken 2. [Reviewing remediation actions that were taken](#review-remediation-actions)
3. Reviewing and defining exclusions 3. [Reviewing and defining exclusions](#review-or-define-exclusions-for-microsoft-defender-for-endpoint)
4. Submitting an entity for analysis 4. [Submitting an entity for analysis](#submit-a-file-for-analysis)
5. Reviewing your threat protection settings 5. [Reviewing your threat protection settings](#review-your-threat-protection-settings)
If youre using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment. If youre using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.