Home

Office365 ATP - Phishing - Many false positives

%3CLINGO-SUB%20id%3D%22lingo-sub-1066464%22%20slang%3D%22en-US%22%3EOffice365%20ATP%20-%20Phishing%20-%20Many%20false%20positives%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1066464%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20are%20having%20many%20mails%20marked%20as%20phishing%20but%20just%20are%20not.%20It%20would%20not%20be%20that%20bad%20if%20these%20email%20would%20show%20up%20in%20the%20quarantine%20report%20and%20the%20users%20could%20release%20them.%3C%2FP%3E%3CP%3EBut%20the%20mails%20do%20not%20show%20up%20in%20the%20report%20nor%20the%20users%20can%20release%20them.%3C%2FP%3E%3CP%3EAs%20we%20cannot%20tell%20an%20Exchange%20admin%20%22it%20is%20your%20job%20now%20to%20check%20for%20false%20positives%20all%20day%22%20and%20i%20did%20not%20find%20that%20many%20threads%20about%20it%2C%20i%20wonder%20if%20there%20is%20something%20wrong%20with%20our%20configuration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20level%20for%20detection%20is%200.%20The%20least%20aggressive.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%26nbsp%3B%3C%2FP%3E%3CP%3EStephan%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1066464%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ephishing%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1071545%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20ATP%20-%20Phishing%20-%20Many%20false%20positives%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1071545%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20opened%20a%20ticket%20at%20Microsoft%20to%20further%20investigate%20our%20problem(s)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Stephan G
Contributor

Hi,

 

we are having many mails marked as phishing but just are not. It would not be that bad if these email would show up in the quarantine report and the users could release them.

But the mails do not show up in the report nor the users can release them.

As we cannot tell an Exchange admin "it is your job now to check for false positives all day" and i did not find that many threads about it, i wonder if there is something wrong with our configuration.

 

The level for detection is 0. The least aggressive.

 

Best regards 

Stephan

 

1 Reply
Highlighted

We opened a ticket at Microsoft to further investigate our problem(s)

Related Conversations