Microsoft has explained the false positives caused by code changes to Endpoint Security. Although the problem has been solved, IT administrators will keep complaining unless Microsoft gives a clear statement. After all, such false positives can cause widespread outages, so Microsoft has published a new document to provide guidance for IT administrators.
In the guide, Microsoft says that IT admins can now log in to the Microsoft 365 Defender portal and manually disable unimportant alerts; if an administrator believes an alert is a false positive, the corresponding content can be disabled as well. Once disabled, at least users will no longer be bombarded with alerts that prevent them from working normally. At the same time, Microsoft says administrators can remediate false positives, including undoing operations in batch, restoring falsely flagged files from the Action Center, and deleting or restoring files from quarantine across devices. An administrator who has confirmed a false positive can also use custom exclusions to add the affected items to the exclusion list.
Microsoft hopes these functions will let IT administrators help themselves when such urgent problems occur, instead of waiting for Microsoft to release an update. After all, feedback and troubleshooting take time, and it takes further time for an update to be synchronized to enterprise endpoints.