Forum Discussion
Paul Broadbent
Jul 09, 2018Copper Contributor
ATP not scanning Subject Line for Hyperlinks
Hi I recently reported an issue with the Office 365 ATP not scanning subject lines (or re-writing the URL). I reported this to MSRC, and they acknowledged the report, however they responded that...
Paul Cunningham
Jul 09, 2018Steel Contributor
It's possible that some other layer of protection in EOP would detect a malicious URL or some other characteristic of an actual attack, but I agree with you that ATP Safe Links should be looking at URLs in subject lines as well.
Since you already reported this to MSRC I've flagged this with the product group to see if there's anything more that can be done.
Paul Broadbent
Jul 09, 2018Copper Contributor
Hi Paul,
I agree, there could be another layer of protection, but the lack of re-write in the URL makes me cautious.
I did want to try linking to a malicious payload, but unfortunately I am not in a position to do that in a production network.
If I get the time I may try this over the next week.
My concern is that people will buy ATP as an "Out of the box" security solution and just expect it will protect them from all incoming links.
Thank you for your advice and following this up.
- Paul CunninghamJul 09, 2018Steel Contributor
Well we expect Safe Links to rewrite URLs so they can be checked at the time of click. So that should be happening whether the URL is known (by us) to be safe or not.
- Paul CunninghamJul 11, 2018Steel Contributor
I am told by a member of the product group that they are aware of this issue and are actively working on it.
- Fredrik JonssonOct 23, 2018Copper Contributor
To me it looks like safelink gets bypassed a lot even if the link is in the content of the mail.