Forum Discussion
False Positive with endpoint
The defender for endpoint is blocking some of our files to be written to disc. This has started happening recently. The only way to send files to defender FP team is through this link: https://www.microsoft.com/en-us/wdsi/filesubmission/
However this requires the app to maintain access to my system which is not authorised by our company policy and hence i am not able to submit the files for whitelisting.
Could someone please help if there is any other mechanism (FTP link or otherwise) through which we can upload our files for defender to check and mark them as clean and prevent defender from blocking the creation of these in the system.
Thanks
4 Replies
- Christos_Ventouris
Microsoft
you can now use the Unified Submissions page within the M365 Defender portal to submit FPs
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide- Thank you Christos_Ventouris for your response. The above requires :
To submit files to Microsoft, you need to be a member of one of the following role groups:
Organization Management or Security Administrator in the Microsoft 365 Defender portal.
which i clearly do not seem to have and hence cannot see the Submissions option. Checking with IT. Thanks for sharing the relevant document, it really helped.
Sachin
- Thanks for your reply mikhailf. My bad, i did not mention this earlier. The issue is being faced by one of our clients on his machine, so we cannot ask our client to use the exception list route by adding our files to the exception list or the Allow Indicator as you mentioned.
We would need to get the files whitelisted itself from our end and currently the only available mechanism is not working for us due to restricted access.
Any other suggestion is truly welcome and appreciated.
Thanks
