Microsoft will strengthen the company’s internal policies to report and evaluate false positives from Defender for Endpoint, one of the company’s leading security solutions.
The goal is to improve the platform in general, but the change came about for a specific and curious reason: Defender recently flagged legitimate updates to Office, Microsoft's own content-editing package, as malware in a false positive.
Some users noticed that on Wednesday (16) the native antivirus flagged OfficeSvcMgr.exe as ransomware, an incorrect warning that was quickly fixed.
The new guide on how to proceed in cases of false negatives or positives is aimed at administrators and employees in the company's digital security sector. It lays out the mandatory steps to follow to eliminate this type of alert as quickly as possible, so that it sometimes does not even reach the end consumer.
Basically, the employee must review and sort the alerts and recommended actions, define exceptions, and submit the file for further analysis in the company's systems. Finally, if everything has passed, the settings in Defender are adjusted accordingly.
The complete guide “False positive/negative addresses in Microsoft Defender for Endpoint” can be viewed by anyone at this link.