Forum Discussion
ASR | Legit URL getting blocked
Hi, A legit exchange url is getting blocked by defender and showing the action type as ExploitGuardNetworkProtectionBlocked. The event info says that the URL is blocked as Custom Policy by ASR. ...
AnuragSrivastava We have had various legit domains (e.g. zoom.us which is a sanctioned meeting tool) blocked at random for different users at different times.
This is even when domains are explicitly allowed in MDATP Security Center.
MS are continuing to troubleshoot, but it is seeming like an issue with SmartScreen URL lists rather than Defender/MCAS.
The inconsistency is not very assuring however.
Ah and we also had Outlook getting blocked at one point. Turned out MS had added officeclient.microsoft.com to the listed URLs of OneDrive (consumer) in MCAS, which are automatically passing to Defender to block... They have removed it now, but seemingly it is still an immature product.
sewtom So did you open ticket with Microsoft to fix the same? It would be good to know and understand what actually is the reason behind the blocking of these legit URLs and that too for just few users.
- Nope, the case has been ongoing for several weeks. Several things have been tried but we don't yet know the true cause. Will try to remember to update here when I know 🙂
You might see this if you are using the web content filtering in Defender for Endpoint. Check the web protection reports and you might see that URL being blocked by one of the web content filtering categories.
