SOLVED
Home

Requesting a review of a blocked link - Safe Links Advanced Threat Protection

%3CLINGO-SUB%20id%3D%22lingo-sub-45423%22%20slang%3D%22en-US%22%3ERequesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45423%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20receive%20several%20emails%26nbsp%3Bfrom%20companies%20that%20use%20a%20particular%20click%20counting%20service%20that%20appears%20to%20have%20been%20flagged%20as%20malicious%26nbsp%3Bby%20Advanced%20Threat%20Protection.%20Is%20there%20a%20way%20for%20me%20to%20request%20that%20the%20links%20be%20reviewed%20to%20verify%20that%20the%20site%20is%20hosting%20malicious%20code%20and%20if%20not%26nbsp%3Bfor%20the%20block%20to%20be%20changed%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-45423%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-220526%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-220526%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Microsoft%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20updates%20on%20this%20%3F%20It%20would%20be%20efficient%2C%20office%20365%20wise%2C%20to%20have%20a%20place%20where%20to%20submit%20safe%20links%20false%20positives.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-172356%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-172356%22%20slang%3D%22en-US%22%3E%3CP%3EUnderstood%2C%20and%20I%20agree%2C%20it%20would%20be%20great%20to%20have%20a%20place%20to%20refer%20the%20companies%20I%20have%20to%20whitelist%20to%20for%20larger%20resolution%20with%20MS%20as%20a%20whole.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-172354%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-172354%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20whitelist%20is%20only%20good%20for%20the%20organization%20you%20admin%20for.%20The%20solution%20we%20are%20seeking%20is%20across%20all%20of%20Office%20365%20and%20Outlook.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-172288%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-172288%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20add%20them%20to%20a%20whitelist%20that%20will%20not%20get%20rewritten%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fset-up-a-custom-do-not-rewrite-urls-list-using-office-365-atp-safe-links-35dbfd99-da5a-422b-9b0e-c6caf3b645fa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fset-up-a-custom-do-not-rewrite-urls-list-using-office-365-atp-safe-links-35dbfd99-da5a-422b-9b0e-c6caf3b645fa%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-171113%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-171113%22%20slang%3D%22en-US%22%3EOn%20a%20similar%20note%2C%20it%20would%20be%20useful%20to%20know%20how%20to%20flag%20a%20link%20as%20being%20'unsafe'%20-%20we've%20had%20a%20spate%20of%20emails%20recently%20that%20contain%20links%20that%20are%20clearly%20phishing%20for%20the%20user's%20O365%20login%20but%20which%20are%20not%20being%20picked%20up%20by%20ATP%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166346%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166346%22%20slang%3D%22en-US%22%3ESame%20question%20from%20me%20please%20-%20got%20a%20link%20that%20no%20other%20phishing%2Fmalware-check%20is%20reporting%20as%20being%20a%20problem%20and%20we're%20pretty%20sure%20the%20email's%20provenance%20is%20good...%20but%20no%20way%20we%20can%20see%20of%20reporting%2Fchecking%20with%20Microsoft%20to%20find%20out%20why%20it's%20being%20flagged.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-165616%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-165616%22%20slang%3D%22en-US%22%3E%3CP%3ESorry%20to%20resurrect%20a%20dead%20thread%2C%20but%20we%20are%20having%20the%20same%20problem%20as%20Jimmy%20with%20ATP%20%22Safe%20Links%22%20reporting%20a%20legit%20website%20as%20dangerous%2Fmalware%2Fphishing.%20I%20have%20searched%20but%20have%20not%20found%20a%20place%20to%20report%20and%20resolve%20this%20false%20positive%3F%20Any%20ideas%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20site%20is%20not%20flagged%20by%20SmartScreen%20in%20Edge%2C%20so%20I'm%20unable%20to%20file%20a%20report%20there.%20The%20warning%20only%20appears%20in%20Outlook.com%20and%20Office%20365%20when%20a%20link%20to%20our%20site%20is%20clicked.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20any%20pointers!%3C%2FP%3E%0A%3CP%3EJonathan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-63040%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-63040%22%20slang%3D%22en-US%22%3E%3CP%3EI%20dont%20think%20there's%20a%20special%20place%20for%20Safe%20Links%2C%20but%20I%20can%20at%20least%20ask%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-62938%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-62938%22%20slang%3D%22en-US%22%3EDusting%20this%20off%2C%20I've%20got%20the%20same%20question%2C%20i'd%20like%20to%20confirm%20that%20you%20are%20referring%20to%20the%20%22Malware%20Protection%20Center%22%20(%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fportal%2Fsubmission%2Fsubmit.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fportal%2Fsubmission%2Fsubmit.aspx%3C%2FA%3E)%20--%20it%20seems%20maybe%20that%20is%20specifically%20for%20ATP%20Safe%20Attachments%2C%20rather%20than%20safe%20links%20(though%20maybe%20I%20am%20reading%20it%20wrong).%3CBR%20%2F%3E%3CBR%20%2F%3EThere%20is%20also%20a%20place%20for%20reporting%20missed%20URLs%2C%20but%20I%20dont%20see%20the%20one%20specifically%20for%20URLs%20that%20are%20for%20false%20positives%20for%20Safe%20Links.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45481%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45481%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you.%26nbsp%3BI%20had%20probably%20seen%20that%20before%20but%20forgot%20it%20was%20there.%20I'm%20not%20really%20sure%20why%20Microsoft%20support%20could%20not%20have%20pointed%20me%20there.%26nbsp%3BI%20did%20one%20final%20check%20before%20sending%20in%20the%20URL's%20and%20they%20are%20no%20longer%20flagged%20as%20malicious.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45453%22%20slang%3D%22en-US%22%3ERe%3A%20Requesting%20a%20review%20of%20a%20blocked%20link%20-%20Safe%20Links%20Advanced%20Threat%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45453%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20read%20the%20last%20item%20in%20the%20FAQ%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fmt789012(v%3Dexchg.150).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fmt789012(v%3Dexchg.150).aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWell%2C%20read%20the%20whole%20FAQ%2C%20it's%20great!%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jimmy Comer
New Contributor

We receive several emails from companies that use a particular click counting service that appears to have been flagged as malicious by Advanced Threat Protection. Is there a way for me to request that the links be reviewed to verify that the site is hosting malicious code and if not for the block to be changed?

11 Replies
Solution

Yes, read the last item in the FAQ here: https://technet.microsoft.com/en-us/library/mt789012(v=exchg.150).aspx

 

Well, read the whole FAQ, it's great! :)

Thank you. I had probably seen that before but forgot it was there. I'm not really sure why Microsoft support could not have pointed me there. I did one final check before sending in the URL's and they are no longer flagged as malicious.

Dusting this off, I've got the same question, i'd like to confirm that you are referring to the "Malware Protection Center" (https://www.microsoft.com/security/portal/submission/submit.aspx) -- it seems maybe that is specifically for ATP Safe Attachments, rather than safe links (though maybe I am reading it wrong).

There is also a place for reporting missed URLs, but I dont see the one specifically for URLs that are for false positives for Safe Links.

I dont think there's a special place for Safe Links, but I can at least ask :)

Sorry to resurrect a dead thread, but we are having the same problem as Jimmy with ATP "Safe Links" reporting a legit website as dangerous/malware/phishing. I have searched but have not found a place to report and resolve this false positive? Any ideas?

 

The site is not flagged by SmartScreen in Edge, so I'm unable to file a report there. The warning only appears in Outlook.com and Office 365 when a link to our site is clicked.

 

Thanks for any pointers!

Jonathan

Same question from me please - got a link that no other phishing/malware-check is reporting as being a problem and we're pretty sure the email's provenance is good... but no way we can see of reporting/checking with Microsoft to find out why it's being flagged.
On a similar note, it would be useful to know how to flag a link as being 'unsafe' - we've had a spate of emails recently that contain links that are clearly phishing for the user's O365 login but which are not being picked up by ATP

The whitelist is only good for the organization you admin for. The solution we are seeking is across all of Office 365 and Outlook.

Understood, and I agree, it would be great to have a place to refer the companies I have to whitelist to for larger resolution with MS as a whole. 

Hi Microsoft,

 

Do you have any updates on this ? It would be efficient, office 365 wise, to have a place where to submit safe links false positives.

 

Thanks in advance!

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies