September 30, 2023

Microsoft Defender, that comes with Windows is tagging sites such as Google and Zoom as being malicious, several users reported

Defender is meant to stop users from visiting malicious sites, but it goes without saying that isn’t malicious. It’s unknown why Defender has suddenly gone rogue. At least for now, Microsoft doesn’t seem to know why either.

According to the official microsoft statement, it is investigating why legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. In addition, Microsoft is looking into why some of the alerts are not showing content as expected.


The Microsoft support team confirmed that users can still access legitimate URLs despite the false-positive alerts. As part of an investigation into the problem, Microsoft said it was reviewing diagnostics such as network telemetry data to verify the root cause and identify a path to resolution.

How widespread the issue is among users is not clear. It has been reported that one organization had received hundreds of malicious URL alerts for links, all of which take time to investigate. A post on Reddit also detailed various users who have experienced the problem.

Update March 29: Microsoft says the false positive issue has been addressed by reverting recent updates to the SafeLinks feature.

Leave a Reply

%d bloggers like this: