Content blocked by IT Admin

Copper Contributor

I am the IT Admin and I keep seeing this Windows Security pop up notification on my system about blocking I do not have this installed nor can I find anything about it in the registry. How can I find and remove this completely to stop these notifications? Driving me crazy....OqJT1pBqeV.png

16 Replies
best response confirmed by Blacksuit2375 (Copper Contributor)
You should be able to see which process is trying to access this URL, if you look at the Defender Antivirus event logs.

Thank you for that, not sure why that did not cross my brain.

Your IT administrator has caused Microsoft Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2023-04-26T17:53:10.186Z
User: S-1-5-21-2782793070-3870463569-1119993492-1603
Process Name: chrome.exe
Now I will look at how to remove it or stop it from going again.

@Blacksuit2375 did you make any progress on this to remove it or stop it from happening?



I have made ZERO progress on this issue. I even posted to Google and have not received any help thus far...this annoys the hell out of me! I know it is Chrome because it doesn't pop up when it is closed, only when Chrome is open.

@Blacksuit2375 We are encountering the same issue. Have you heard anything back from Google? How did you solve / avoid the problem?



I wish I could provide you answers but Google nor anyone else has been able to assist me with this literally drives me insane!



Not sure if it helps but I recently had issues with the 'content blocked by IT Admin' notifications and tracked it down to the Defender for Endpoint's web content filter. I found through the Reports > Web protection that the site is considered a 'chat' related site so if your content filter rule has the chat category blocked, this could be the cause. You can either add an exception for that site via the indicators section or allow the chat category to stop the notifications. If you're not using the content filter, I would also suggest checking the attack surface reduction rule called 'network protection.'

I'm still trying to determine what is exactly and finding mixed results on the web. Seems to be a now-defunct google service but as you observed, chrome is trying to reach it. I would assume any google related product or service could be for that matter.

thank you. how do we stop this pop-up? any suggestions please.. am okay to block these web sites based on MCAS settings..

@SCIOTo stop the pop-up, you would either need to exclude the particular offending web content filter category/ies from your web content filter policy (this would be determined by the web content filter reports) or if you want to just exclude individual URLs, you'll do this through > Settings > Endpoints > Indicators (under the Rules section.)


As noted above, if you're not using web content filter, then you should look at your attack surface reduction rule called Network protection.


Hope that helps!

Dear All, Thank you for responding to my queries. quite useful. Some more insight to this ask:
1. We "Unsactioned" these apps/website domains as part of MCAS implentation
2. While we block these, we would like to have a silent blocking, instead of popping up the alert everytime

Any settings that can be applied thru intune/GPOs, will be really helpful

Hi All,
I get the same error with and nothing shows in Defender Logs.
Any ideas?

@Blacksuit2375 This started on my main personal machine a while back (maybe August '23 or so?) after an update I think. I get it A LOT!! For all sorts of programs, the majority of which are from reputable companies, are "signed" and have been on my machine for ages. Admittedly, about half of them could potentially be security risks if installed or running unintentionally, such as NoMachine. The other half, I dunno why they trigger this warning. I've gone into Windows Security settings and created exceptions for many of them but it makes no difference, I still getting these notifications and it still keeps blocking my important software and I cannot find any place to turn it off. Likewise, Googling (and Binging) has return no useful results.  But apparently not too many people are having or reporting this problem.  It's annoying as heck and I want to disable it!  Also note that most of the programs I am getting this on are NOT web related.

Greetings, today I completely reset my computer, after which I encountered such a problem when entering the virus and threat protection section in the settings of my PC:

The page is not available

Your IT administrator has restricted access to some components of this application, so the item you are trying to access is not available. To learn more, contact IT support.
but I have no idea how to contact him, even if there is an answer, please help
For IT admins:
1. Open the Microsoft Endpoint Manager admin center and select Devices from the left sidebar.
2. From there, select Configuration profiles and click on Create profile.
In the Create a profile page, select Windows 10 and later then for profile:Settings Catalog, search for Windows Defender Security Center then select from the list Disable notification and enable it.
Push it on all devices or create a device group as you wish.

@MariusSusma So based on your post, it would seem that my "content blocked" problem is being caused by Endpoint Manager, aka InTune.  Very plausible since it started around the time I installed Office 365, using the license (with their permission) of a tiny company that I sometimes help with IT issues.  So I am the admin.  Their license level is just Business Standard which best as I can determine does not include Endpoint Manager/InTune.  So how the heck did it get on my machine?  I was able to log into the InTune admin center under that account (even though they don't have it?) but was unable to do anything.  Cannot add a device or policy or change anything.  All options are either grayed out or returns a "Something went wrong" error message.
Furthermore, it has now decided it wants to block the driver installers for my AMD graphics card and my fingerprint reader and as I mentioned above, adding an exception to Windows Security does not stop it from blocking them.
So now I'm really pissed!  How do I uninstall this #$%& security program that I did not ask for, did not grant permission to, and do not want!  It is annoying as heck and now interfering with the proper use of my machine!

1 best response

Accepted Solutions
best response confirmed by Blacksuit2375 (Copper Contributor)
You should be able to see which process is trying to access this URL, if you look at the Defender Antivirus event logs.

View solution in original post