Forum Discussion
XYZ files are marked as potential ransomware
We get a steady stream of alerts from users uploading files with .xyz extensions to M365. The majority of these we see are used by a software called matlab. Is there a way to not mark these files...
If you look into the template for the Ransomware policy you will see that .xyz is going to trigger the alert. If you remove this element from your ransomware policy, you'll get rid of the false positive alerts. The 'issue' is that real ransomware sometimes uses this extension so you lose a bit of functionality (though I can see why you would want to in this case)