Microsoft confirms Defender has gone rogue as it’s flagging legit links as malware

Every once in a while, Microsoft Defender goes rogue, often ending up flagging legitimate files or URLs as malicious files or links. Today happens to be such a day as Microsoft has confirmed that Defender is causing such issues at the moment. As a result, sysadmins will be receiving a very high volume of such false email security alerts. Over on the Microsoft 365 Status Twitter handle, the Redmond company has announced the bug and provided additional details regarding the bug. The issue can be tracked under “DZ534539″in the Microsoft 365 Admin Center portal.

Over on Reddit, IT and system administrators are also discussing about the problems and in one of the threads, user x-64 has shared details about DZ534539:

DZ534539

Title: Admins may be receiving an unexpected amount of high severity alert email messages

User impact: Admins may be receiving an unexpected amount of high severity alert email messages.

More info: The high severity alert emails refer to ‘A potentially malicious URL click was detected’. Additionally, admins may be unable to view alert details using the ‘View alerts’ link in the emails.

Current status: We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan.

Scope of impact: Impact is specific to any admin served through the affected infrastructure.

We will keep you posted on further developments.

---

---