Microsoft has acknowledged issues with its enterprise-level security software, Microsoft Defender, which has been generating a large number of false positives, incorrectly flagging legitimate files and URLs as malicious. The issue, which has caused confusion and disruption to business operations, was confirmed by Microsoft 365 Status in a recent announcement.
The false positives generated by Microsoft Defender have led to administrators receiving a significant volume of interception notifications. While false positives on their own can be a nuisance, they have had a direct impact on business communication in some cases. Some enterprises have reported that emails sent externally from within the organization appear to have been delivered, but clients have not received them. Investigation of the logs revealed that links contained within the emails were mistakenly flagged by Microsoft Defender, resulting in the emails being intercepted.
The issue is not a new one, as reports suggest that it has been occurring for several days, but it is only now that Microsoft has begun to investigate the matter. Microsoft has stated that it is currently reviewing service telemetry data to identify the root cause of the error and implement necessary fixes.
False positives with Microsoft Defender are not an uncommon occurrence. In previous incidents, the security software has mistakenly flagged Google Chrome’s installer, as well as Microsoft’s own Office suite, as malicious. Nor have such false positives been limited to enterprise users: Windows 10/11 users running Microsoft Defender have also seen legitimate software blocked in earlier incidents.
The current issue appears to only affect enterprises, and IT administrators can review tracking report number DZ534539 in the Microsoft 365 Admin Center for further information. Microsoft is actively working to address the issue and provide a resolution to affected businesses.
It is essential for security software to strike a balance between detecting and mitigating genuine threats while minimizing false positives, as the latter can lead to disruptions and inefficiencies in business processes. Enterprises and users alike will be monitoring Microsoft’s response to this incident and its commitment to improving the reliability of Microsoft Defender.