Microsoft Defender shoots down legit URLs as malicious

Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious. Users are complaining that sites like Zoom and Google are being tagged as potentially dangerous, triggering a flood of alerts. To add to the problem, one netizen wrote that the Defender portal is "up …

  1. Stuart 18
    Devil

    Hmmmm??

    Does Microsoft make a competing product? Maybe we could have a Teams meeting to discuss?

    1. Yet Another Anonymous coward Silver badge

      Re: Hmmmm??

      No need to get paranoid, it's not like Microsoft would do anything nefarious like deliberately sending bad CSS to a competitor's web browser

    2. John Brown (no body) Silver badge

      Re: Hmmmm??

      And yet again, "updates" released to the rest of the world to beta test before the US wakes up.

  2. Robert Moore
    Thumb Up

    Working as designed.

    I mean, from MS perspective Zoom and Google are very detrimental to their bottom line, so obviously should be blocked.

  3. Diogenes8080

    I don't see DZ534539. I do see DZ534548 for alert URLs that will not work, something that has been happening for the last few days. The URLs normally sort themselves out half a day later, which isn't really what one expects from a security product.

    1. Diogenes8080

      Because DZ534539 has already been moved over to the Issue History tab.

      That's just low. Especially when the problem isn't fixed because links dating from the incident live period still aren't opening.

      It looks as if DZ534548 is solely there to justify moving DZ534539 off of the Active tab.

  4. Korev Silver badge
    Joke

    Well to be fair to MS, Zoom installing a web browser without asking is a security risk

  5. yetanotheraoc Silver badge

    Canary Release

    "We determined that recent additions to the SafeLinks feature resulted in the false alerts and we subsequently reverted these additions to fix the issue"

    aka Testing in Production. Microsoft loves it. Here's the thing though. The canary is not supposed to be the *only* safety feature in the mine. If you have a pile of dead canaries, the mine is *not* safe.

    1. CrazyOldCatMan Silver badge

      Re: Canary Release

      If you have a pile of dead canaries, the mine is *not* safe

      Either that or the local cat rescue place has had a breach in the perimeter fence and all the inmates escaped..

      1. Strahd Ivarius Silver badge

        Re: Canary Release

        what, the cats allowed the humans to escape?

  6. gerryg

    They all do it

    Defender seems to be no different from the other options. Periodically we have to re-white list our website in order to avoid triggering warnings.

    I've forgotten which one as it hasn't happened for a few months but trust me if it were possible to have an undiluted rant at Microsoft I wouldn't miss the opportunity.

    1. Anonymous Coward
      Anonymous Coward

      Re: They all do it

      You work for Playboy?

      :)

  7. VoiceOfTruth

    Numbers

    -> Microsoft finally admitted that this is affecting hundreds of accounts and tenants worldwide.

    OMG. Thank $god it is only hundreds and not "a small number".

    1. GruntyMcPugh

      Re: Numbers

      Lucky us, we had this glitch yesterday, it's so nice to know we're in such an elite club!

    2. Strahd Ivarius Silver badge
      Facepalm

      Re: Numbers

      hundreds IS a small number when compared to the number of links being analyzed.

  8. Anonymous Coward
    Anonymous Coward

    Well, duh..

    Am I the only one who sees the folly of relying on a security product from the very company that is responsible for the security problem it is alleged to address?

    That's pretty much admitting you're into self flagellation, in a big way.

  9. An_Old_Dog Silver badge

    Using MS Defender

    ... is like taking the rental car with the always-on, mis-calibrated GPS. I'll take the murder car, instead. [https://xkcd.com/1837/]

  10. bpfh
    Mushroom

    And here we go again.

    Working for a mailing ESP, we have this recurring issue every 3 months or so where some links are classed malicious when accessed via one domain alias but clean for another.

    Microsoft's Postmaster says it's not their responsibility as it's not deliverability but security.

    Microsoft's security team says that link scanning is not their purview.

    Microsoft enterprise support says they can't help because it's a problem with a recipient on a Microsoft product and not the sender.

    Microsoft enterprise support tells the recipient that the sender needs to contact them.

    Microsoft public support says that "hum this shouldn't happen, but we can't help you".

    Reaching out to Microsoft malware and security contacts who are co-members of M3AWG never answer...

    So, globally if you have a link that gets blacklisted, you are screwed and hope that MS realises their mistake after a week or three.

    1. Steve Davies 3 Silver badge

      Re: And here we go again.

      Inside Redmond and India, the word 'support' was IMHO blacklisted a couple of decades ago and is now a prohibited word.

      Just my $0.024 (Inflation you know) worth.

      TBH, it is easier to get blood from a stone than a clear answer about an issue from MS. IMHO, nowt has changed since the day that W95 was released.

  11. storner
    Coat

    Yes, but ...

    can anyone come up with a better alternative for endpoint protection? Which is easy to install, does not cost a fortune, works across Windows, Mac, and Azure, and has *zero* false positives?

    --> see icon

  12. bernmeister
    Facepalm

    Overdone IT.

    Sounds like they have overdone the depth of document checking. A similar thing happens with some library internet connections. It is impossible to download visa applications in some libraries because the key word detection is triggered by the list of prohibited items!

  13. LateAgain

    The first computer autoimmune disease?

    The machine is attacking itself!

    1. Anonymous Coward
      Anonymous Coward

      Re: The first computer autoimmune disease?

      The machine is attacking itself!

      I knew I had kinship with computers..

      (Tomorrow is Stabbie day when I self-inject the stuff that stops my body eating my synovial membranes/tendons/ligaments..)

  14. Tron Silver badge

    Bumps along the way.

    The path from blacklisting the sites that you are blocked from to whitelisting the sites your government allows you to visit, was always going to have a few pot holes.

    What else do they scan your e-mails for?

  15. PeterM42
    Facepalm

    Another Day......

    ....another screw-up from MicroCRAP
