cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Threat Management - Messages submitted for review still considered Phishing after review?

NicoRotaryCH
Copper Contributor

‎Jun 26 2021 07:43 AM - last edited on ‎Feb 07 2023 08:08 PM by

‎Jun 26 2021 07:43 AM - last edited on ‎Feb 07 2023 08:08 PM by

Threat Management - Messages submitted for review still considered Phishing after review?

Hi

I have two legitimate message from sender at the largest Swiss ISP bluewin.ch that are considered "High Confidence Phish" and where thus quarantined. 

I reported them as wrongly quarantined but the status is "Should have been blocked. Use your organizational settings to allow similar messages in the future."

After manual checking the messages I couldn't find any reason why those messages should be considered phishing. (Looking at one message I see: SPF pass, conversation between a group of people (multiple previous messages), no links where URL and text would contradict - the only issue are some embedded pictures (cid:image...@...) not being shown because one email client in the "chain" probably wasn't Outlook-compatible)

This creates a real problem for our organization because users have no option to realize that they have missed messages.

I want to avoid to modify filters and wonder what steps you recommend.

Thank you

Labels:
4,404 Views
2 Likes
3 Replies
Reply
3 Replies
best response confirmed by NicoRotaryCH (Copper Contributor)
pvanberlo

‎Jun 27 2021 01:17 PM

‎Jun 27 2021 01:17 PM

Solution

Re: Threat Management - Messages submitted for reviewe still considered Phishing after review?

If you have already submitted them as false positives and nothing came out of this, all I can think of right now would be to open a support case with Microsoft to see if they can clarify why they consider these emails as high confidence phish. Something else might be going on of course, but based on what you've stated above I cannot think of any reason why they'd be marked as high confidence phishing emails.
0 Likes
Reply
saifmuntaseer

‎Jul 06 2021 02:12 AM

‎Jul 06 2021 02:12 AM

Re: Threat Management - Messages submitted for review still considered Phishing after review?

It will not affect immediately. How long you have waited after submission? If it's more than two weeks raise a support ticket and ask an explanation.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by NicoRotaryCH (Copper Contributor)
pvanberlo

‎Jun 27 2021 01:17 PM

‎Jun 27 2021 01:17 PM

Solution

Re: Threat Management - Messages submitted for reviewe still considered Phishing after review?

If you have already submitted them as false positives and nothing came out of this, all I can think of right now would be to open a support case with Microsoft to see if they can clarify why they consider these emails as high confidence phish. Something else might be going on of course, but based on what you've stated above I cannot think of any reason why they'd be marked as high confidence phishing emails.

View solution in original post

0 Likes
Reply