Find source of potential security concern detected by Microsoft Office

Question

Find source of potential security concern detected by Microsoft Office

George Sinkinson 0

With Windows 10 Home 22H2 and Outlook 2019

I would like to find the source of emails showing in Outlook that display a notice that
Microsoft Office has identified a potential security concern.

While the content is always the same, varying Subject and Sender are used.
In most cases it appears that this involves a malformed URL.

The location indicated in the Security Notices begins with ttp://***/
it seems to be missing the h in http

What is truly odd is that this only occurs in Outlook, while when viewed in a browser,
it displays valid content.

I have deleted cache everywhere, repaired Outlook, used scanpst, and reinstalled Office 2019.

I tend to think it has something to do with the Office security mechanism, but I have no idea where to start looking.

An example Notice:
OutlookSecurity1

The email in a browser:

User's image

The constant email content:
User's image

3 answers

Your answer

Answer 1

Keale 95

If there is only one email with this prompt, I suggest you ignore it. Due to several reasons, this URL appears suspicious: it has a long and random looking string that can be used to mask malicious destinations. It uses the. xyz domain, which is usually associated with spam or phishing websites It does not match the sender's domain or the context of the email. Therefore, I suggest that you do not click on this link or provide any personal information on the webpage. Clicking on such a link may cause the installation of malicious software on your computer or damage to your data.

George Sinkinson 0 Reputation points

2024-01-11T22:34:51.82+00:00

The problem still exists. I worked with Diane Poremsky to try to fix it.
Did everything I could on my end:
Created new Profile, Account, and Data file. Ran a repair on Outlook - nothing reported. Ran sfc /scannow - nothing reported.
SokiGuo-MSFT 31,551 Reputation points Microsoft External Staff

2024-01-18T08:19:26.4466667+00:00

Hi

What does it mean that you want to discard an email with security issues?

Is it to filter the problematic emails directly?

This article may be helpful to you: https://support.microsoft.com/en-us/office/change-the-level-of-protection-in-the-junk-email-filter-e89c12d8-9d61-4320-8c57-d982c8d52f6b
George Sinkinson 0 Reputation points

2024-01-18T20:44:02.4266667+00:00
I'm interested in 2 things.

Where is the graphic reference to OneDrive coming from.
Is it being delivered with each e-mail, or is it something stored in cache somewhere on my PC.

I would like to filter/redirect these emails to a specific folder.
Keale 95 Reputation points

2024-01-22T03:08:13.0733333+00:00

This cannot be found as it may be a junk email. If possible, its suggest that you directly contact this user through other means. If you want to filter or redirect emails, please set relevant rules to transfer to specific emails. In addition, for junk detection, you can set protection levels or secure senders. But it cannot be completely avoided because junk emails are diverse and complex, and cannot be fully recognized. All we can do is not click on potential links casually.
George Sinkinson 0 Reputation points

2024-01-22T16:43:37.2533333+00:00

I was curious because over 30 different emails displayed he same OneDrive reference. And since each email displayed a different address and subject, just how would you set up a 'relevant rule'?
Keale 95 Reputation points

2024-01-23T16:16:10.66+00:00

Based on your description, it seems that you have encountered advertising spam. If there are rules set, create rules in the navigation bar and select OneDrive with the keyword. Another way is to block these senders and their domain names in the junk options and report these emails. All we can do to avoid spam is not to randomly click on links to prevent personal privacy or property security.
SokiGuo-MSFT 31,551 Reputation points Microsoft External Staff

2024-01-30T02:29:34.35+00:00

Hi @George Sinkinson

I am writing to see how everything is going on with this thread. Should you need more help on this, you can feel free to post back.

Answer 2

Hi @George Sinkinson

Based on the image you sent, it seems that you are receiving security notices from Microsoft Office about potential unsafe links in your emails. The notice that Microsoft Office has identified a potential security concern is a security feature that warns you about potential risks from opening or running files or links that may contain malicious code or viruses. It is not necessarily an indication of malicious software, but it is a precautionary measure to protect your system and data.

To investigate further, it may be necessary to look at the email headers and source code to identify any hidden or embedded elements that may be causing this issue. In addition, check the security settings and filters in Outlook.

You can do this by clicking on File > Options > Trust Center > Trust Center Settings. For more detailed instructions, please refer to: https://thegeekpage.com/microsoft-office-has-identified-a-potential-security-concern/. (Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

User's image

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

George Sinkinson 0

Thank you for your response - I learned a lot of new things.

I applied the fixes indicated in the link
https://thegeekpage.com/microsoft-office-has-identified-a-potential-security-concern/

It didn't make any difference, even after restarting Office.

My guess is that the security notice is being triggered by the malformed url - missing the 'h' in 'http'.
Opening in a browser yields:

BrowserView

Where does the https reference come from? Is it coming from Office Security or the Sender?
It seems to be the same weird reference with all the different email senders.

Is there some way I can set up a mechanism that discards emails with security concerns?

SokiGuo-MSFT 31,551 Reputation points Microsoft External Staff

2024-01-08T06:12:32.86+00:00

Hi

Thanks for your reply!

Can you be sure that the content that emails you is sent is safe?

Do users within your organization have the same issue?

An HTTPS reference is a link to an external file or website that a document contains. It may come from the sender or from Office Security, depending on the source of the document and the settings of the Office program.

Also, I noticed that this user shared a pdf document from OneDrive to you. According to my research, the addresses for security tips are all complete under normal circumstances. Because it has a strange domain name and a long list of random characters. This could be a phishing or malware attempt, so it is recommended that you should be careful not to open it or any similar links.

If you can be sure that this content is safe, you can disable this notification by modifying the registry， follow the instructions in the article Enable or disable hyperlink warning messages in Office programs.

HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\security
DWORD: DisableHyperlinkWarning
Value: 1
SokiGuo-MSFT 31,551 Reputation points Microsoft External Staff

2024-01-11T09:40:53.7833333+00:00

Hi @George Sinkinson

Is there any update on this case?

Please feel free to drop us a note if there is any update.

Share via

Find source of potential security concern detected by Microsoft Office

3 answers

Your answer