Content blocked by IT Admin

Copper Contributor

I am the IT Admin and I keep seeing this Windows Security pop up notification on my system about blocking I do not have this installed nor can I find anything about it in the registry. How can I find and remove this completely to stop these notifications? Driving me crazy....OqJT1pBqeV.png

10 Replies
best response confirmed by Blacksuit2375 (Copper Contributor)
You should be able to see which process is trying to access this URL, if you look at the Defender Antivirus event logs.

Thank you for that, not sure why that did not cross my brain.

Your IT administrator has caused Microsoft Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2023-04-26T17:53:10.186Z
User: S-1-5-21-2782793070-3870463569-1119993492-1603
Process Name: chrome.exe
Now I will look at how to remove it or stop it from going again.

@Blacksuit2375 did you make any progress on this to remove it or stop it from happening?



I have made ZERO progress on this issue. I even posted to Google and have not received any help thus far...this annoys the hell out of me! I know it is Chrome because it doesn't pop up when it is closed, only when Chrome is open.

@Blacksuit2375 We are encountering the same issue. Have you heard anything back from Google? How did you solve / avoid the problem?



I wish I could provide you answers but Google nor anyone else has been able to assist me with this literally drives me insane!



Not sure if it helps but I recently had issues with the 'content blocked by IT Admin' notifications and tracked it down to the Defender for Endpoint's web content filter. I found through the Reports > Web protection that the site is considered a 'chat' related site so if your content filter rule has the chat category blocked, this could be the cause. You can either add an exception for that site via the indicators section or allow the chat category to stop the notifications. If you're not using the content filter, I would also suggest checking the attack surface reduction rule called 'network protection.'

I'm still trying to determine what is exactly and finding mixed results on the web. Seems to be a now-defunct google service but as you observed, chrome is trying to reach it. I would assume any google related product or service could be for that matter.

thank you. how do we stop this pop-up? any suggestions please.. am okay to block these web sites based on MCAS settings..

@sivCISOTo stop the pop-up, you would either need to exclude the particular offending web content filter category/ies from your web content filter policy (this would be determined by the web content filter reports) or if you want to just exclude individual URLs, you'll do this through > Settings > Endpoints > Indicators (under the Rules section.)


As noted above, if you're not using web content filter, then you should look at your attack surface reduction rule called Network protection.


Hope that helps!

Dear All, Thank you for responding to my queries. quite useful. Some more insight to this ask:
1. We "Unsactioned" these apps/website domains as part of MCAS implentation
2. While we block these, we would like to have a silent blocking, instead of popping up the alert everytime

Any settings that can be applied thru intune/GPOs, will be really helpful