Warning: Microsoft Defender marks some legitimate URLs as harmful


Microsoft's Defender antivirus program has incorrectly labeled several safe links as malicious, confusing dozens of users.

After one of the affected users reported the issue on Reddit, others quickly jumped in and confirmed that they had seen the same thing. For some, Zoom links were classified as malicious, while for others it was Google links.

Shortly after being notified, Microsoft took to Twitter to acknowledge the issue and say its engineers were working on a fix.

Problem showing alerts

"We are investigating an issue where legitimate URL links are incorrectly marked as malicious by the Microsoft Defender service. Additionally, some alerts do not display content as expected," Microsoft said.

"We have confirmed that users can still access legitimate URLs despite false positive alerts. We are investigating the reason and the part of the service that incorrectly identifies legitimate URLs as malicious."

A subsequent update to the Microsoft 365 admin center portal said admins can expect an "increased number" of high-severity email alerts that say "Click detected on a potentially dangerous URL," and that they may also have difficulty viewing the details when using the "View alerts" link in the messages.

"We are reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan," Microsoft said. "The impact is specific to any administrator served through the affected infrastructure."

A few hours later, Microsoft released another update, stating that the false positive issue had been resolved. Apparently, the problem was with the SafeLinks feature, and its engineers fixed it by rolling back recent updates.

"We have determined that recent additions to SafeLinks functionality have caused false alerts and have subsequently reverted these additions to resolve the issue," Microsoft said in a tweet. "More details can be found in the Microsoft 365 admin center at DZ534539."

Via: BleepingComputer