Microsoft Defender Is Reportedly Tagging Legitimate URLs Harmful

Microsoft Defender is reportedly tagging legitimate URLs harmful as links from both Google and Zoom were being flagged off in an apparent error from Microsoft Defender.

Microsoft Defender

Microsoft Defender

Microsoft’s very own defender antivirus software and program have labeled a couple of safe links as malicious thus sowing confusion among a host of users in what seems to be an error on Microsoft’s part.

After one of the affected persons posted about the issue on Reddit, it was quickly chimed on by other users all confirming that they had seen the same problem. For some of the affected users, links from Zoom were classified as malicious, while for other users, Google links, as well.

Microsoft Took To Twitter To Acknowledge the Problem

Microsoft soon after being tipped off the issue took to social media platform Twitter to acknowledge the said problem and stated that its engineers were at the moment working on a fix.

“We’re investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected,” Microsoft stated.

“We’ve confirmed that users are still able to access the legitimate URLs despite the false positive alerts. We’re investigating why and what part of the service is incorrectly identifying legitimate URLs as malicious.”

Microsoft Dropped an Update on Its 365 Admin Center Portal

later update on the 365 Admin Center portal of Microsoft cited that admins can expect an “increased number” of high-severity email message alerts stating “A potentially malicious URL click was detected”, and that also they can expect trouble in viewing the details by simply pressing the “View alerts” link available in the messages.

“We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” Microsoft stated. “Impact is specific to any admin served through the affected infrastructure.”

Microsoft a couple of hours later issued another update, stating that the false positive issue has now been addressed. The issue apparently was located in the SafeLinks feature, and the company’s engineers simply fixed it by reverting recent updates.

“We determined that recent additions to the SafeLinks feature resulted in the false alerts and we subsequently reverted these additions to fix the issue,” Microsoft in a tweet stated. “More detail can be found in the Microsoft 365 admin center under DZ534539.”

What Is a False Positive and False Negative Alert

What are false positive alerts and how does it differentiate from false negative alerts? Microsoft has already pointed out that the issue in question is a false positive, and you may be curious as to what it is. In endpoint protection solutions, a false positive is an entity such as a process or a file that was detected and then identified as malicious, although the entity is not a threat. A false negative on the other hand is an entity that was not detected as a threat although it is malicious actually.



Please enter your comment!
Please enter your name here