Merge pull request #4628 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
Tina Burden 2021-01-27 11:46:44 -08:00 committed by GitHub
commit 5d4e486126
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -65,18 +65,18 @@ Before you classify or suppress an alert, determine whether the alert is accurat
3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
4. Depending on the alert status, take the steps described in the following table:
| Alert status | What to do |
|:---|:---|
| The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
| The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive. <br/>2. [Suppress the alert](#suppress-an-alert). <br/> 3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <br/> 4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
| The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
| Alert status | What to do |
|:---|:---|
| The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
| The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive. <br/>2. [Suppress the alert](#suppress-an-alert). <br/> 3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <br/> 4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
| The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
### Classify an alert
Alerts can be classified as false positives or true positives in the Microsoft Defender Security Center. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts.
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
2. Select **Alerts queue**, and then select an alert that is a false positive.
2. Select **Alerts queue**, and then select an alert.
3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
4. In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.)
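Review bot: the unchanged context line at step 3, "Select an alert to more details about the alert", is missing its verb and should read "Select an alert to see more details about it"; since this hunk already touches the lines around it, that fix belongs here. The two copies of the alert-status table render identically on this page, so the table edit looks like a whitespace or line-ending change only, which is worth stating in the commit message so later readers do not hunt for a content difference. The edit to step 2 of "Classify an alert" (dropping "that is a false positive") is the right call: the table now sends accurate-but-benign alerts through the same classification step as true positives, so the procedure should no longer assume the selected alert is a false positive, and step 4 already spells out which option to pick in each case.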