Forum Discussion
ATP False Positives
Ezra Pound We are still experiencing this.
We are on our 23rd day of support calls with Microsoft regarding this. Initially support suggested that these are actually infected files, of which we had checked out a few samples.
I've had to explain to Microsoft how the ATT00002.HTM files are generated and have replicated the issues several times.
It appears to happen when emails are sent to users which contain attachments and inline images such as an email signature in Outlook. All the files being flagged are attached when someone forwards the emails from an Apple client.
Microsoft Support have recently indicated that it is only our tenant this is happening with, but that is clearly not the case.
A lot of the time with Microsoft support has been wasted explaining how the flagged files are actually being generated rather than actually determining why the files are being flagged as Malware in our alerts.
I suggest you open a support case with Microsoft.
Incredibly, years later, this same hash has started popping up frequently and is triggering ZAP and alerts. Did anyone ever get any explanation or satisfaction on this?
- Scott Preston, Feb 05, 2021, Iron Contributor
JSlora After spending around 26 days trying to have this resolved, and several escalations, I was just told that the issue had been resolved, and no explanation was given despite asking several times. I was told to re-open the ticket if it happened again. I can't say I have noticed any ZAPs relating to this same hash recently, but I will keep my eye out.