From f508a1704b5862d2f228eaeef81762e2134cc59d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 22 Jan 2021 13:47:49 -0800 Subject: [PATCH] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 0a4832febe..a05b00432f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -54,10 +54,10 @@ Before you classify or suppress an alert, determine whether the alert is accurat 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. In the navigation pane, choose **Alerts queue**. 3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).) -4. Take one of the following steps:
- - If the alert is accurate, assign and investigate the alert further. - - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. - - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert. +4. Take one of the following steps:
+ - If the alert is accurate, assign and investigate the alert further. + - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. + - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert. ### Classify an alert as a false positive
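Review bot: step 3 in the unchanged context of this hunk reads "Select an alert to more details about the alert", which is missing a verb. Since the commit already touches the list directly below it, fix it here, for example "Select an alert to view more details about the alert." Separately, the four removed and four added lines under step 4 carry the same wording as shown here, so the change appears to be whitespace or list indentation only. The subject "Update defender-endpoint-false-positives-negatives.md" does not say that; a subject such as "Fix indentation of step 4 sub-list" would tell a reader of the history that the triage guidance itself (assign and investigate, classify as false positive and suppress, classify as true positive and suppress) is unchanged.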