User Profile

CallumDomanski-Tuckey

Copper Contributor

Joined 2 years ago

1 Post

View All Badges

User Widgets

Recent Discussions

Microsoft Defender Email Investigation
Hello, I have been doing an investigation into some emails being blocked by our Threat Investigation AIR, and from what I can gather, the issue is this: When a customer has an email signature containing Tel:0000000, Defender believes this is a phishing URL, but when examining this, it's not. It's just a handler to open the telephone number. Q: why does it do this - Shouldn't defender know it's just a Handler with a legit URL? Q: Why does it get converted into a Bing link ? Q: Can I white list just the first part of the URL -https://www.bing.com/ck/a? Regards, Callum
Jan 24, 2023 Place Microsoft Defender XDR
automation
1.1KViews
0likes
0Comments

Groups

Recent Blog Articles

No content to show