Merge pull request #1 from MithunRathinam/patch-1

chrisda · web-flow · commit 1850af9a6634 · 2025-08-05T11:41:22.000-07:00
Update sharepoint-malware-false-positive-guide.md
diff --git a/SharePoint/SharePointOnline/security/sharepoint-malware-false-positive-guide.md b/SharePoint/SharePointOnline/security/sharepoint-malware-false-positive-guide.md
@@ -3,7 +3,7 @@ title: SharePoint malware false-positive guide
 ms.author: chrisda
 author: chrisda
 manager: orspodek
-ms.date: 08/01/2025
+ms.date: 08/05/2025
 audience: ITPro
 ms.topic: troubleshooting
 search.appverid: 
@@ -26,7 +26,7 @@ Malware false positive detections in SharePoint occur when a safe file is mistak
 > - Admins or security operations (SecOps) personnel with [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) permissions in organizations with cloud mailboxes have access files on the following pages in the Microsoft Defender portal:
 >   - The **Files** tab of the **Quarantine** page at <https://security.microsoft.com/quarantine?viewid=Files>.
 >   - The **Email Attachments** tab of the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>.
->   - The **Files** tab of the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>.
+>   - The **Files** tab of the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=FileHash>.
 >
 >   However, the **Files** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions> is available only to organizations with **Microsoft Defender XDR** or **Microsoft Defender for Endpoint Plan 2**.
 > - For permissions and the most current information about the SharePoint Online Management Shell, see [Intro to SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell).
@@ -46,7 +46,7 @@ File scanning isn't always immediate. Scanning happens **asynchronously** based
 
 Use the steps in these sections to deal with false positives in SharePoint.
 
-### Step 1: Identify th engine that flagged the file
+### Step 1: Identify the engine that flagged the file
 
 Use any of the following methods:
 
@@ -114,9 +114,7 @@ If multiple files are flagged, submit all affected files by using the following
 2. Submit the files using one of the following methods based on how the file was detected:
    - **Safe Attachments detections**: Use the **Email attachments** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>. For instructions, see [Report good email attachments to Microsoft](/defender-office-365/submissions-admin#report-good-email-attachments-to-microsoft).
 
-   - **Defender for Endpoint signature detections** (Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2): Submit a file for malware analysis using the **Files** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions>. For instructions, see [Submit files in Microsoft Defender for Endpoint](/defender-endpoint/admin-submissions-mde).
-
-   - Submit the file from the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) portal at <https://www.microsoft.com/wdsi/filesubmission>.
+   - **Defender for Endpoint signature detections** (Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2): Submit a file for malware analysis using the **Files** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions>. For instructions, see [Submit files in Microsoft Defender for Endpoint](/defender-endpoint/admin-submissions-mde). Or, submit the file through the **Microsoft Security Intelligence** portal at <https://www.microsoft.com/wdsi/filesubmission>.
 
 ### Step 3: Verify the outcome
 
@@ -141,7 +139,6 @@ Use any of the following methods:
 >   - The detection type.
 >   - The file path from the relevant source:
 >     - The SharePoint library details.
->     - Quarantine.
 >     - Output from the [Get-SPOMalwareFile](/powershell/module/microsoft.online.sharepoint.powershell/get-spomalwarefile) cmdlet.
 >
 >   Here's an example path from the SharePoint library details: <https://contoso.sharepoint.com/sites/Everyone/Shared%20Documents/General/MyDoc1.docx>
