cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Content blocked by IT Admin

Blacksuit2375
Copper Contributor

‎Apr 20 2023 05:26 PM

‎Apr 20 2023 05:26 PM

Content blocked by IT Admin

I am the IT Admin and I keep seeing this Windows Security pop up notification on my system about blocking mtalk.google.com. I do not have this installed nor can I find anything about it in the registry. How can I find and remove this completely to stop these notifications? Driving me crazy....OqJT1pBqeV.png

5,334 Views
0 Likes
10 Replies
Reply
10 Replies
best response confirmed by Blacksuit2375 (Copper Contributor)
Jonhed

‎Apr 21 2023 06:50 AM

‎Apr 21 2023 06:50 AM

Solution

Re: Content blocked by IT Admin

You should be able to see which process is trying to access this URL, if you look at the Defender Antivirus event logs.
0 Likes
Reply
Blacksuit2375

‎Apr 26 2023 11:06 AM

‎Apr 26 2023 11:06 AM

Re: Content blocked by IT Admin

Jonhed,

Thank you for that, not sure why that did not cross my brain.

Your IT administrator has caused Microsoft Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2023-04-26T17:53:10.186Z
User: S-1-5-21-2782793070-3870463569-1119993492-1603
Destination: https://mtalk.google.com
Process Name: chrome.exe
Now I will look at how to remove it or stop it from going again.
0 Likes
Reply
Ymiller7

‎Jul 18 2023 09:16 PM

‎Jul 18 2023 09:16 PM

Re: Content blocked by IT Admin

@Blacksuit2375 did you make any progress on this to remove it or stop it from happening?

0 Likes
Reply
Blacksuit2375

‎Jul 18 2023 10:17 PM

‎Jul 18 2023 10:17 PM

Re: Content blocked by IT Admin

@Ymiller7 

 

I have made ZERO progress on this issue. I even posted to Google and have not received any help thus far...this annoys the hell out of me! I know it is Chrome because it doesn't pop up when it is closed, only when Chrome is open.

0 Likes
Reply
RapRut

‎Aug 22 2023 03:43 AM

‎Aug 22 2023 03:43 AM

Re: Content blocked by IT Admin

@Blacksuit2375 We are encountering the same issue. Have you heard anything back from Google? How did you solve / avoid the problem?

0 Likes
Reply
Blacksuit2375

‎Aug 22 2023 09:34 AM

‎Aug 22 2023 09:34 AM

Re: Content blocked by IT Admin

@RapRut 

 

I wish I could provide you answers but Google nor anyone else has been able to assist me with this issue...it literally drives me insane!

0 Likes
Reply
beewolf16

‎Sep 14 2023 12:52 PM

‎Sep 14 2023 12:52 PM

Re: Content blocked by IT Admin

@Blacksuit2375 

 

Not sure if it helps but I recently had issues with the 'content blocked by IT Admin' notifications and tracked it down to the Defender for Endpoint's web content filter. I found through the Reports > Web protection that the mtalk.google.com site is considered a 'chat' related site so if your content filter rule has the chat category blocked, this could be the cause. You can either add an exception for that site via the indicators section or allow the chat category to stop the notifications. If you're not using the content filter, I would also suggest checking the attack surface reduction rule called 'network protection.'

I'm still trying to determine what mtalk.google.com is exactly and finding mixed results on the web. Seems to be a now-defunct google service but as you observed, chrome is trying to reach it. I would assume any google related product or service could be for that matter.

0 Likes
Reply
sivCISO

‎Sep 21 2023 12:15 AM

‎Sep 21 2023 12:15 AM

Re: Content blocked by IT Admin

thank you. how do we stop this pop-up? any suggestions please.. am okay to block these web sites based on MCAS settings..
0 Likes
Reply
beewolf16

‎Sep 26 2023 01:32 PM - edited ‎Sep 26 2023 01:36 PM

‎Sep 26 2023 01:32 PM - edited ‎Sep 26 2023 01:36 PM

Re: Content blocked by IT Admin

@sivCISOTo stop the pop-up, you would either need to exclude the particular offending web content filter category/ies from your web content filter policy (this would be determined by the web content filter reports) or if you want to just exclude individual URLs, you'll do this through security.microsoft.com > Settings > Endpoints > Indicators (under the Rules section.)

 

As noted above, if you're not using web content filter, then you should look at your attack surface reduction rule called Network protection. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection...

 

Hope that helps!

0 Likes
Reply
sivCISO

‎Sep 26 2023 10:27 PM

‎Sep 26 2023 10:27 PM

Re: Content blocked by IT Admin

Dear All, Thank you for responding to my queries. quite useful. Some more insight to this ask:
1. We "Unsactioned" these apps/website domains as part of MCAS implentation
2. While we block these, we would like to have a silent blocking, instead of popping up the alert everytime

Any settings that can be applied thru intune/GPOs, will be really helpful

Thanks
siva
0 Likes
Reply