Forum Discussion
A potentially malicious URL click was detected
Several times a week (10 times today) I get alerts from mailto:email address removed for privacy reasons saying that someone has clicked a potentially malicious URL. Any time I have investigate...
Support said
"
when the Safe link polices are enabled, the click isn't actually a click on a link by a user. With the safe links polices enabled, the malicious URLs received in emails are re-written then scanned for the malicious content.
To elaborate it further, if you have an anti-virus installed on the computer that checks the URLs to see if they are malicious, then that anti-virus would "click" the url to test it, which would trigger as a click.
So it's fully possible that the users themselves didn't click the URLs, but something did."
They think that Trend Micro Apex One is checking the mailboxes for malware and triggering the alerts. We are opening a support ticket with Trend to see if others are encountering this.
This is the I've come to explaining this phenomena. Safe Link policy OFF, user likely clicked URL. Safe Link policy ON, Safe Link is the culprit. Now a source would be handy or Microsoft's acknowledgement!
- I would love for Microsoft to acknowledge this too. Something I been wanting conformation on for while now.
