Share via

A potentially malicious URL click was detected

Imtiyaz Khan 0 Reputation points
2023-01-23T08:31:11.6433333+00:00

Hi support,

We have received an alert "A potentially malicious URL click was detected" on 1 of the endpoints. We ran Full AV scan on the system but nothing was found.

Few things we need to check with you and need support:

1- Why the timeline says the link was clicked?
2- Why was this link classified as malicious?

Please have a look and let us know.

Thanks,
Imtiyaz Khan

Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Microsoft 365 and Office | Development | Microsoft 365 Publishing
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-01-30T09:36:00.78+00:00

    Hi @Imtiyaz Khan,

    Thanks for reaching out and apologies for delay in response.

    I understand that you have concern on A potentially malicious URL click was detected.

    The current default alert policy generates an alert on URL clicks for specific scenarios, including the primary scenario of verdict change.

    It also checks for any clicks in the past 48 hours from the time the malicious URL verdict is identified and generates alerts for the clicks that happened in the 48-hour timeframe for that malicious link. This alert automatically triggers automated investigation and response in Office 365.

    Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

    If you require further troubleshooting on this scenario, we can then open support ticket for you.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.