False Positive with endpoint

Defender for Endpoint is blocking some of our files from being written to disk. This started happening recently. The only way to send files to the Defender FP team is through this link: https://www.microsoft.com/en-us/wdsi/filesubmission/

However, this requires the app to maintain access to my system, which is not authorised by our company policy, and hence I am not able to submit the files for whitelisting.

Could someone please help if there is any other mechanism (FTP link or otherwise) through which we can upload our files for Defender to check and mark them as clean, and prevent Defender from blocking the creation of these in the system?

Thanks

4 Replies

Hello @sacjain,

Have you tried to create an "Allow indicator" for the affected files?

Create indicators for files | Microsoft Docs

Thanks for your reply @mikhailf. My bad, I did not mention this earlier. The issue is being faced by one of our clients on his machine, so we cannot ask our client to use the exception list route by adding our files to the exception list or the Allow Indicator as you mentioned.

We would need to get the files themselves whitelisted from our end, and currently the only available mechanism is not working for us due to restricted access.

Any other suggestion is truly welcome and appreciated.

Thanks

You can now use the Unified Submissions page within the M365 Defender portal to submit FPs.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/admin-submissions-mde?view...

Thank you @Christos_Ventouris for your response. The above requires:

To submit files to Microsoft, you need to be a member of one of the following role groups:
Organization Management or Security Administrator in the Microsoft 365 Defender portal.

which I clearly do not seem to have and hence cannot see the Submissions option. Checking with IT. Thanks for sharing the relevant document, it really helped.

Sachin