Microsoft Defender goes on false positive spree (Fixed)

Kevin Okemwa

Updated on:

turn off microsoft defender

If you happen to receive a ton of notifications today from Microsoft Defender indicating that it has detected a virus threat, there’s a likelihood that this isn’t the case. Today morning, several users have lodged reports indicating that they have received several notifications from the tool indicating that it has detected malware.

However, this isn’t the case. These are legitimate URL links that the service has mistakenly marked as malicious.

Microsoft has already acknowledged the issue via its Microsoft 365 Status account on Twitter and has further indicated that it’s investigating the matter. Some users have also reported that they are unable to launch the alerts and incidents page.

After investigations, Microsoft narrowed down the issue to recent enhancements it had made to the SafeLinks feature which in turn caused Microsoft Defender to register the new additions as malware, thus causing it to send out false alerts to users. The company has since reverted these enhancements and has patched the issue.

The SafeLinks feature is designed to provide URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages, Teams messages, and other locations.

Let us know if you’re still encountering this issue in the comments.