
View information about malicious files detected in SharePoint, OneDrive, or Microsoft Teams

Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams protects your organization from malicious files in document libraries and team sites. When a malicious file is detected, that file is blocked so that no one can open, copy, move, or share it until further actions are taken by the organization's security team. Read this article to learn how to view information about detected files and what actions to take.

Tip: To perform the tasks described in this article, you must have the necessary permissions assigned in the Office 365 Security & Compliance Center.


View reports with information about detected files

To view status and detailed information about files that were detected by Office 365 ATP, you can use the Threat protection status report.

  1. In the Office 365 Security & Compliance Center, choose Reports > Dashboard > Threat protection status.

  2. In the upper right corner of the report, choose View details table.

  3. View the list of files that were detected in the report.

  4. Select an item in the list to view detailed information, including actions taken, the file name, the file path, and more.

  5. Choose the Advanced Analysis tab to view information, such as observed behavior and analysis details.

Tip: To learn more about available reports, see View reports for Office 365 Advanced Threat Protection.

View and take action on files in quarantine

  1. In the Office 365 Security & Compliance Center, choose Threat management > Review > Quarantine.

  2. In the upper left corner, change the filter from Email to Content.

  3. Select an item in the list to view detailed information, including the file's URL.

  4. Choose an available action.

    • Choose Release & report to unblock the file.

      Select Send report to Microsoft to report the file as a false positive to Microsoft.

    • Choose Download file to investigate the file further.

    • Choose Delete to remove the file from the list of quarantined items. If you choose this option, you must also delete the file from its respective library in SharePoint Online, OneDrive for Business, or Microsoft Teams. This option does not unblock the file; it still cannot be opened or shared.

  5. Choose Close to close the details for a selected item.

Tip: To learn more about managing quarantined files, see Manage quarantined messages and files as an administrator in Office 365.

Related topics

Office 365 Advanced Threat Protection
View the reports for Office 365 Advanced Threat Protection
Permissions in the Office 365 Security & Compliance Center
