Microsoft Defender Mistakenly Tags Legitimate URLs as Malicious

Kamso Oguejiofor-Abugu

Microsoft Defender, the default security platform for Windows, is mistakenly flagging legitimate URLs as malicious, generating false-positive alerts and confusing users. Microsoft has confirmed that it is investigating the issue as a false positive, with its engineers working to identify the root cause and develop a remediation plan.

“We’re investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service,” Microsoft said in a statement. “Additionally, some of the alerts are not showing content as expected.”

Despite these alerts, users can still access legitimate URLs, and the company has been reviewing service monitoring telemetry to isolate the root cause of the issue.

The false-positive alerts have frustrated many users, with some receiving multiple alert emails reporting the issue. It remains unclear how widespread the issue is, but some users have reported that the security platform is flagging well-known sites like Google and Zoom as malicious. Microsoft also confirmed reports of issues with accessing alert details through the “View alerts” link in the emails.

Microsoft has not provided a timeline for resolving the issue, but it has assured users that it is working to rectify the situation as quickly as possible. Although false positives are an unfortunate aspect of any security system, Microsoft’s efforts to minimize their occurrence are commendable. Users are advised to stay patient and await further updates from Microsoft on this issue.

“We’ve confirmed that users are still able to access the legitimate URLs despite the false positive alerts,” Microsoft said. “We’re investigating why and what part of the service is incorrectly identifying legitimate URLs as malicious. Further details are under DX534539 within the admin center.

“We’re reviewing diagnostics such as network telemetry data to verify the root cause and identify a path to resolution. Further detail can be found under DZ534539 in the Microsoft 365 admin center.”

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.