
Commit a35001c

Update sharepoint-malware-false-positive-guide.md
The following corrections have been made. Corrections I found:
- Step 1: Identify th engine that flagged the file
- <<wrong link>>: The Files tab of the Tenant Allow/Block Lists page at https://security.microsoft.com/reportsubmission?viewid=emailAttachment. The correct link is https://security.microsoft.com/tenantAllowBlockList?viewid=FileHash
- Defender for Endpoint signature detections (Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2): Submit a file for malware analysis using the Files tab on the Submissions page in the Defender portal at https://security.microsoft.com/reportsubmission?viewid=fileSubmissions. For instructions, see Submit files in Microsoft Defender for Endpoint. <<The following is an alternative to the above and can be used when the tenant does not have Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2. We may need to word it accordingly.>>
- Submit the file from the Microsoft Security Intelligence at https://www.microsoft.com/wdsi/filesubmission. <<Links repeated twice>>
- I think we can remove “Quarantine” from the last segment as this is a >30 days scenario. The file path from the relevant source:
  - The SharePoint library details.
  - Quarantine.
  - Output from the Get-SPOMalwareFile cmdlet.
1 parent 82f3752 commit a35001c

1 file changed

Lines changed: 3 additions & 6 deletions

SharePoint/SharePointOnline/security/sharepoint-malware-false-positive-guide.md

@@ -26,7 +26,7 @@ Malware false positive detections in SharePoint occur when a safe file is mistak
2626
> - Admins or security operations (SecOps) personnel with [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) permissions in organizations with cloud mailboxes have access files on the following pages in the Microsoft Defender portal:
2727
> - The **Files** tab of the **Quarantine** page at <https://security.microsoft.com/quarantine?viewid=Files>.
2828
> - The **Email Attachments** tab of the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>.
29-
> - The **Files** tab of the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>.
29+
> - The **Files** tab of the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=FileHash>.
3030
>
3131
> However, the **Files** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions> is available only to organizations with **Microsoft Defender XDR** or **Microsoft Defender for Endpoint Plan 2**.
3232
> - For permissions and the most current information about the SharePoint Online Management Shell, see [Intro to SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell).
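Review bot: The parent bullet of this list (line 26) still reads "have access files on the following pages", which is missing "to"; since this hunk already touches the list, change it to "have access to files on the following pages". The corrected Tenant Allow/Block Lists URL on new line 29 no longer duplicates the Email Attachments link on line 28, which resolves the copy-paste error.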
@@ -46,7 +46,7 @@ File scanning isn't always immediate. Scanning happens **asynchronously** based
4646

4747
Use the steps in these sections to deal with false positives in SharePoint.
4848

49-
### Step 1: Identify th engine that flagged the file
49+
### Step 1: Identify the engine that flagged the file
5050

5151
Use any of the following methods:
5252

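Review bot: Correcting the heading on line 49 changes the anchor generated from the heading text, so any link that targets the old "identify-th-engine" fragment, in this file or elsewhere in the docs, will stop resolving. Search for inbound links to the old fragment and update them in the same change.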
@@ -114,9 +114,7 @@ If multiple files are flagged, submit all affected files by using the following
114114
2. Submit the files using one of the following methods based on how the file was detected:
115115
- **Safe Attachments detections**: Use the **Email attachments** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=emailAttachment>. For instructions, see [Report good email attachments to Microsoft](/defender-office-365/submissions-admin#report-good-email-attachments-to-microsoft).
116116

117-
- **Defender for Endpoint signature detections** (Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2): Submit a file for malware analysis using the **Files** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions>. For instructions, see [Submit files in Microsoft Defender for Endpoint](/defender-endpoint/admin-submissions-mde).
118-
119-
- Submit the file from the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) portal at <https://www.microsoft.com/wdsi/filesubmission>.
117+
- **Defender for Endpoint signature detections** (Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2): Submit a file for malware analysis using the **Files** tab on the **Submissions** page in the Defender portal at <https://security.microsoft.com/reportsubmission?viewid=fileSubmissions>. For instructions, see [Submit files in Microsoft Defender for Endpoint](/defender-endpoint/admin-submissions-mde). Alertnatively, Submit the file through the **Microsoft Security Intelligence** portal at <https://www.microsoft.com/wdsi/filesubmission>.
120118

121119
### Step 3: Verify the outcome
122120

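Review bot: The sentence appended on new line 117 has a typo and a stray capital: "Alertnatively, Submit the file" should read "Alternatively, submit the file". The commit message says the Microsoft Security Intelligence portal is meant for tenants without Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2, but appended to a bullet labelled "(Microsoft Defender XDR or Microsoft Defender for Endpoint Plan 2)" it reads as an alternative for those same tenants. State the licensing condition in the sentence, or keep the alternative as its own bullet with that condition spelled out.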
@@ -141,7 +139,6 @@ Use any of the following methods:
141139
> - The detection type.
142140
> - The file path from the relevant source:
143141
> - The SharePoint library details.
144-
> - Quarantine.
145142
> - Output from the [Get-SPOMalwareFile](/powershell/module/microsoft.online.sharepoint.powershell/get-spomalwarefile) cmdlet.
146143
>
147144
> Here's an example path from the SharePoint library details: <https://contoso.sharepoint.com/sites/Everyone/Shared%20Documents/General/MyDoc1.docx>
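Review bot: Removing "Quarantine." at old line 144 leaves nothing in the visible text explaining why quarantine is not a valid source for the file path; the reason (a >30 days scenario) appears only in the commit message. Confirm that this list is scoped to that scenario, and if so say it in the text so a later editor does not add the item back.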
