![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 42%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELJ%3C/text%3E%3C/svg%3E)
Microsoft Edge | Other | Windows 11
Other issues or features related to Microsoft Edge on Windows 11
To remove or correct a “Malicious malware” block on a website that is known to be safe, use the SmartScreen false-positive process and, if applicable, Defender for Endpoint web protection controls.
- Confirm it is SmartScreen or Defender blocking the site
In Microsoft Edge, when the block page appears, check the text. If it mentions Microsoft Defender SmartScreen or shows a red security warning page, it is a SmartScreen/Defender reputation block. - If you are the website owner
Use the built-in appeal link on the block page:- On the SmartScreen block page in Edge, under More information, select Report that this site doesn't contain (malware/phishing) threats.
- Submit the requested details and wait for the confirmation email from the SmartScreen Reputation Group.
- If the issue is urgent or you need follow-up, reply to that email to provide more context or request status.
- If you are not the website owner
- Contact the site owner and ask them to submit the false-positive report using the Report that this site doesn't contain (malware/phishing) threats link on the block page.
- Optionally, both you and the site owner can submit the URL or any related files for analysis via the WDSI file submission portal. For process details, see Submit files for analysis.
- If Defender for Endpoint Web Protection / Web Content Filtering is in use
In managed (business) environments, the block might come from Defender for Endpoint policies:- Web protection and SmartScreen can block sites based on reputation (malicious, phishing, C2, etc.).
- If Web Content Filtering (WCF) is blocking the domain, an administrator can override it:
- Go to the Domains tab in the WCF reports.
- Use the ellipsis (…) next to the domain and choose Dispute Category or configure an Allow indicator for that domain.
- For SmartScreen-based determinations in network protection, admins can review the category (phishing, malicious, C2, untrusted, or custom policy) and adjust policies or custom allow lists as appropriate.
- Prevent future false blocks on your own site (if you own it)
To reduce the chance of SmartScreen or Defender flagging the site again:- Ensure HTTPS is enabled and a valid certificate is used.
- Block iframes from loading unknown third-party content.
- Use Content Security Policy (CSP) and other secure response headers.
- Regularly scan the site for WebShells, trojans, and suspicious uploaded files.
- Maintain stable hosting/DNS and good domain reputation.
- If the block is from network protection “warn” mode
In some Defender for Endpoint configurations, unknown/uncertain reputation sites are set to Audit/Warn:- A toast notification appears with options Ok, Unblock, and Feedback.
- Selecting Unblock allows access for 24 hours; after that, the block re-applies unless an admin changes policy.
- Use Feedback to send a request to the admin to review and allow the site permanently.
These steps do not disable protection globally; they correct the reputation or policy for a specific site that is believed to be safe.
References: