From 87dabf7055bdf25b4d91a599e34ad46a12120d95 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 29 Jan 2020 15:48:58 -0800 Subject: [PATCH] Update antivirus-false-positives-negatives.md --- .../antivirus-false-positives-negatives.md | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md index 22f22eb666..a6dc1e50c2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md +++ b/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 01/27/2020 +ms.date: 01/29/2020 ms.reviewer: manager: dansimp --- @@ -25,7 +25,10 @@ manager: dansimp Windows Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Windows Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web. -But what if something gets detected wrongly as malware, or something is missed? We call these false positives and false negatives, and there are some steps you can take to deal with these things. You can [submit a file to Microsoft for analysis](#submit-a-file-to-microsoft-for-analysis), and potentially, [define an exclusion](#define-an-exclusion-on-a-windows-device) in your Windows Defender Antivirus settings. +But what if something gets detected wrongly as malware, or something is missed? We call these false positives and false negatives. Fortunately, there are some steps you can take to deal with these things. You can: +- [Submit a file to Microsoft for analysis](#submit-a-file-to-microsoft-for-analysis); +- [Create an "Allow" indicator](#create-an-allow-indicator); or +- [Define an exclusion on an individual device](#define-an-exclusion-on-a-windows-device) in your Windows Defender Antivirus settings. ## Submit a file to Microsoft for analysis @@ -35,11 +38,23 @@ But what if something gets detected wrongly as malware, or something is missed? > [!TIP] > We recommend signing in at the submission portal so you can track the results of your submissions. -## Define an exclusion on a Windows device +## Create an "Allow" indicator + +If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Windows Defender Antivirus (and Microsoft Defender Advanced Threat Protection) that the item is safe. + +To set up your "Allow" indicator, follow the guidance in [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators). + +## Define an exclusion on an individual Windows device When you define an exclusion for Windows Defender Antivirus, you configure your antivirus to skip that item. 1. On your Windows 10 device, open the Windows Security app. 2. Select **Virus & threat protection** > **Virus & threat protection settings**. 3. Under **Exclusions**, select **Add or remove exclusions**. -4. Select **+ Add an exclusion**, and specify its type (**File**, **Folder**, **File type**, or **Process**.) \ No newline at end of file +4. Select **+ Add an exclusion**, and specify its type (**File**, **Folder**, **File type**, or **Process**.) + +## Related articles + +[What is Microsoft Defender Advanced Threat Protection?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) + +[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) \ No newline at end of file