MCAS

We are getting a lot of false positive alerts for Malware Detection.

@Dinesh_Kumar199589 

To reduce false positives from MDCA built-in threat detections:

1. First, ensure you have entered your organization's IP address ranges to tell MDCA more about your VPN and corporate IP ranges. Note that if your corporate egress IPs are also used for egress of VPN clients, then that IP address/range should be categorized as VPN. More info: Set IP ranges and tags | Microsoft Docs
2. Second, ensure that you follow the recommended investigation and feedback mechanisms for the built-in detection alerts. Feeding back into these detections with the TP, B-TP, and FP information will improve the quality of detections. Defender for Cloud Apps anomaly detection alerts investigation guide | Microsoft Docs
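The overlap rule from step 1 (a corporate egress range that VPN clients also egress through must be entered as VPN, not Corporate) is easy to get wrong by hand when there are many ranges. The following is an added example, not code from the thread or from Microsoft: it classifies a constructed set of ranges before they are entered in MDCA. The numeric category ids and the shape of the resulting entries are assumptions modelled on the MDCA Data Enrichment API and are marked as such in the code.

```python
import ipaddress

# Assumed MDCA IP-range category ids (not stated on the page; verify against
# the Data Enrichment API reference for your tenant before use).
CATEGORY_CORPORATE = 1
CATEGORY_VPN = 4


def _nets(cidrs):
    """Parse CIDR strings into network objects (host bits are masked off)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def classify_ranges(corporate_cidrs, vpn_cidrs):
    """Split ranges into the Corporate and VPN buckets MDCA expects.

    Any corporate range that overlaps a VPN egress range is moved to the VPN
    bucket, per the guidance above: otherwise MDCA treats VPN client traffic
    as on-prem corporate traffic and location-based detections misfire.
    """
    vpn = _nets(vpn_cidrs)
    corporate, vpn_out = [], [str(v) for v in vpn]
    for net in _nets(corporate_cidrs):
        if any(net.overlaps(v) for v in vpn):   # overlaps() is False across IP versions
            if str(net) not in vpn_out:
                vpn_out.append(str(net))
        else:
            corporate.append(str(net))
    return {"corporate": corporate, "vpn": vpn_out}


def build_rules(org_name, corporate_cidrs, vpn_cidrs):
    """Build one entry per non-empty category (assumed request-body shape)."""
    ranges = classify_ranges(corporate_cidrs, vpn_cidrs)
    rules = []
    for label, category, subnets in (
        ("corporate", CATEGORY_CORPORATE, ranges["corporate"]),
        ("VPN", CATEGORY_VPN, ranges["vpn"]),
    ):
        if subnets:
            rules.append({"name": f"{org_name} {label}", "category": category,
                          "organization": org_name, "subnets": subnets, "tags": []})
    return rules


if __name__ == "__main__":
    # Constructed sample: 203.0.113.0/24 is corporate egress, but the VPN
    # concentrator also egresses from 203.0.113.10, so the /24 becomes VPN.
    print(build_rules("Contoso (example)", ["203.0.113.0/24", "198.51.100.0/25"],
                      ["203.0.113.10/32", "192.0.2.0/24"]))
```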