This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 27%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Microsoft keeps alerting that a malware file has been uploaded into sharepoint. Nothing in the file is malicious. Have ran through multiple sandboxes and everything comes out clean. How can I see what or why Microsoft keeps labeling this file as malware?
Hi Paul,
This is part of Microsoft Defender for Office 365 functionality.
And how to manage quarantine - Take action on quarantined files
Best regards,
Aleksandr
If the response is helpful, please click "Accept Answer" and upvote it.
Aleksandr,
Thank you for this insight. This was great info. The reports do give a high level reasoning as to why it was blocked, however, the file in question is completely safe. I will probably open a ticket with MS to see if they can get granular on this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 51%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams. This is an automatic process in the background.
The recommended way is to delete the flag file then re-upload the file.
Or you could open a service request with Microsoft to find the reason from the backend.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Emily,
Thank you for the input. Yes, I am going to open a ticket because I want see the actual meta data they see or saw as malicious. The file in question is completely safe so, not sure what it sees. Perhaps someone categorized our link as malicious? Thanks for your insight here.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 62%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Thanks for your reply.
If the issue has any progress, you could update in this post.