Microsoft Defender marks legitimate URLs as malicious
Microsoft Defender, the free anti-malware software that comes built into Windows, has been falsely flagging URLs as malicious.
The company announced on Twitter that it was aware of the error and that an investigation into the cause is underway.
We are investigating an issue where the Microsoft Defender service incorrectly flags legitimate URL links as malicious. Additionally, some of the alerts do not display the content as expected. More details can be found in DZ534539 within the admin center.
— Microsoft 365 Status (@MSFT365Status) March 29, 2023
Microsoft has said that, despite the false positive alerts, users can still access legitimate links that are flagged as malicious.
At this stage, Microsoft is still investigating the issue and has said it is “reviewing diagnostics such as network telemetry data to verify the root cause and identify a path to resolution.”
The tech giant warned that technology administrators would likely see an increased number of high-severity alert emails warning about a potentially malicious URL being clicked.
Since the issue arose yesterday, some customers have received dozens of alert emails warning about malicious URLs, according to BleepingComputer.
In response to Microsoft’s tweet, several users and administrators have reported problems caused by the bug, such as an increased number of quarantined emails and a flood of alerts.
Yes, the 987 alerts I received for Zoom accounts were a good moment today? pic.twitter.com/Cix2CipagY
– Adam (@Reptarr2) March 29, 2023
@MSFT365Status Would this cause Defender to quarantine many more emails than normal? This morning we are inundated with dozens of requests, when normally there are only one or two, if any.
— Jared Does It (@ItsAnAsp3n) March 29, 2023