Forum Discussion
Content blocked by IT Admin
- You should be able to see which process is trying to access this URL, if you look at the Defender Antivirus event logs.
Not sure if it helps but I recently had issues with the 'content blocked by IT Admin' notifications and tracked it down to the Defender for Endpoint's web content filter. I found through the Reports > Web protection that the mtalk.google.com site is considered a 'chat' related site so if your content filter rule has the chat category blocked, this could be the cause. You can either add an exception for that site via the indicators section or allow the chat category to stop the notifications. If you're not using the content filter, I would also suggest checking the attack surface reduction rule called 'network protection.'
I'm still trying to determine what mtalk.google.com is exactly and finding mixed results on the web. Seems to be a now-defunct google service but as you observed, chrome is trying to reach it. I would assume any google related product or service could be for that matter.
MicrosoftI hate to necro a thread two years later, but the issue is that ages ago, mtalk.google.com was a domain used for a Google instant messaging app. Nowadays, Chromium uses it internally for "Google Cloud Messaging" so just booting Chrome can hit that domain.
https://source.chromium.org/chromium/chromium/src/+/main:google_apis/gcm/engine/gservices_settings.cc;drc=0c1b535076e36622eec39515761eb72d81c04db0;l=33
To workaround this notification if you are blocking Instant Messaging category with Defender WCF you can create an explicit "Allow" indicator for the domain.