Forum Discussion
AnuragSrivastava
Dec 06, 2020Iron Contributor
ASR | Legit URL getting blocked
Hi, A legit exchange url is getting blocked by defender and showing the action type as ExploitGuardNetworkProtectionBlocked. The event info says that the URL is blocked as Custom Policy by ASR. ...
sewtom
Jan 20, 2021Copper Contributor
AnuragSrivastava We have had various legit domains (e.g. zoom.us which is a sanctioned meeting tool) blocked at random for different users at different times.
This is even when domains are explicitly allowed in MDATP Security Center.
MS are continuing to troubleshoot, but it is seeming like an issue with SmartScreen URL lists rather than Defender/MCAS.
The inconsistency is not very assuring however.
- sewtomJan 20, 2021Copper ContributorAh and we also had Outlook getting blocked at one point. Turned out MS had added officeclient.microsoft.com to the listed URLs of OneDrive (consumer) in MCAS, which are automatically passing to Defender to block... They have removed it now, but seemingly it is still an immature product.
- AnuragSrivastavaJan 20, 2021Iron Contributor
sewtom So did you open ticket with Microsoft to fix the same? It would be good to know and understand what actually is the reason behind the blocking of these legit URLs and that too for just few users.
- sewtomJan 20, 2021Copper ContributorNope, the case has been ongoing for several weeks. Several things have been tried but we don't yet know the true cause. Will try to remember to update here when I know 🙂