cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange ATP SafeLinks - Blocking sites not in the block list

robert grahame
Copper Contributor

‎Mar 05 2018 02:52 AM

‎Mar 05 2018 02:52 AM

Exchange ATP SafeLinks - Blocking sites not in the block list

We have an issue where ATP is blocking emailed links and giving the "This website has been classified as malicious." message, but the site is not on the block list, and we are not scanning downloads.

How can we (a) find out why it is doing this and (b) stop it doing it if the site is not malicious?

I'm pretty sure the ATP blocked links are clean - respected website, not blacklisted anywhere ever, scans with all the usual tools show up nothing, our main web content filter says the links are all OK (and that is usually pretty paranoid).

6,438 Views
0 Likes
3 Replies
Reply
3 Replies
Pablo R. Ortiz

‎Mar 05 2018 05:10 AM

‎Mar 05 2018 05:10 AM

Re: Exchange ATP SafeLinks - Blocking sites not in the block list

Check safe links policies in Exchange online admin center. You may have modified the default policy, or created a new custom policy, maybe blocking "potentially malicious URLs"

https://docs.microsoft.com/en-us/office365/enterprise/advanced-threat-protection-for-your-office-365...

0 Likes
Reply
robert grahame

‎Mar 05 2018 06:30 AM

‎Mar 05 2018 06:30 AM

Re: Exchange ATP SafeLinks - Blocking sites not in the block list

We do indeed check against the list of potentially malicious URLs, and prevent clickthough, but the URLs being blocked are not in that list (even when I parse the wildcards to ensure it isn't matching a poorly written entry by accident). I can't figure out why they are being blocked. Most are fine, just this one set, all connected to a specific organisation (who publish transportation industry newsletters).

Odd!

0 Likes
Reply
Pablo R. Ortiz

‎Mar 05 2018 07:27 AM - edited ‎Mar 05 2018 07:30 AM

‎Mar 05 2018 07:27 AM - edited ‎Mar 05 2018 07:30 AM

Re: Exchange ATP SafeLinks - Blocking sites not in the block list

Please take into account that blocked URLs in the Default policy, are not the same as "Potentially malicious URLs" option that appears in custom policies (a different list of policies, at the bottom of the page). The latter uses URL Detonation, threat intelligence Technology:

https://blogs.office.com/en-us/2017/01/25/evolving-office-365-advanced-threat-protection-with-url-de...

In custom policies, you can block "Potentially malicious URLs" and then whitelist the URLs that you want.

0 Likes
Reply