Security News > 2023 > March > Microsoft Defender shoots down legit URLs as malicious

Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious.

One Register reader told us: "Our organization has received hundreds of malicious URL alerts from Office 365 for zoom.us links. These false positives take us a long time to investigate. Microsoft finally admitted that this is affecting hundreds of accounts and tenants worldwide."

"We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service," Redmond wrote.

An hour after the first tweet, Redmond followed up, saying that "Users are still able to access the legitimate URLs despite the false positive alerts. We're investigating why and what part of the service is incorrectly identifying legitimate URLs as malicious."

Defender is "Classifying all ZOOM.US a malicious URL, detecting all clicks as potentially Malicious," an admin wrote.

"We've checked several of those URLs and all them seem a legit resource."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/29/microsoft_defender_url_alerts/