
My website was falsely reported to Netcraft. Although the report was cleared after providing evidence, Microsoft Defender SmartScreen still shows a red-label warning.

Mile Lee 0 Reputation points
2026-03-13T05:27:33.7633333+00:00

Hello,

I am an employee at an Australian startup responsible for website system operations and maintenance. Our company website was suspected of being maliciously reported to netcraft.com by a competitor, leading to certain pages being flagged with red-label warnings by major browsers and search engines.

After providing an explanation and undergoing a re-review by netcraft.com, the red page warnings from netcraft.com and Google have been removed. However, the Microsoft Defender SmartScreen warning has still not been lifted. I have submitted an appeal via the "Report that this site does not contain phishing threats" portal, but I have not received any response.

Our company is losing many customers every day because of this. My boss is losing patience and has begun to doubt my ability to handle the situation. Therefore, I am turning to this forum to see if any experts can help! I have already contacted Microsoft’s Australian branch, but they informed me that they only have marketing and after-sales departments in Australia and no technical teams responsible for this.

Thank you very much.

By the way, there are two tickets we had already submitted via "Report this site doesn't contain phishing threats" (but no response at all):

Ticket - 1 - 90e03c54-bcbd-431c-a882-a1378492c633

Ticket - 1 - 30d44a64-3df0-4754-865f-b15ace40d583

[page we got false positive]defender_smartscreen

[netcraft.com admitted they were wrong]netcraft_investigation netcraft_confirmation2

Microsoft Edge | Browser crashes or stops working | Windows 10

1 answer

  1. Q&A Assist
    2026-03-13T05:27:56.9366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Microsoft Defender SmartScreen uses its own reputation system and data sources, so removal from Netcraft or other providers does not automatically clear the SmartScreen warning. SmartScreen evaluates multiple dimensions such as URL reputation, page content, file behavior, TLS configuration, dynamic behavior, and user feedback. If any of these still indicate risk, the site continues to be flagged as unsafe even if a third-party provider has retracted its report.

    For a site that is incorrectly marked as unsafe, there are only two supported remediation paths in the provided documentation:

    1. Submit/appeal the URL as a false positive through the SmartScreen feedback channel.
      • From the SmartScreen warning page in Microsoft Edge, select More information > Report that this site doesn't contain threats and complete the submission.
      • Multiple user submissions (for example, from colleagues or customers) can help update SmartScreen’s reputation signals because User Feedback is one of the factors SmartScreen uses when deciding whether a site is unsafe.
    2. Ensure the site’s behavior and configuration do not trigger SmartScreen’s heuristics.
      SmartScreen considers several technical and behavioral factors when deciding to block a site:
      • URL reputation: Newly registered domains, domains with low traffic, or domains associated with previous malicious activity are more likely to be blocked. Maintaining a stable domain and increasing legitimate traffic over time improves reputation.
      • Page content: Pages that resemble known phishing layouts, contain deceptive forms, or host suspicious scripts can be flagged. Review login and payment pages to ensure they are clearly branded, use accurate company information, and avoid content that mimics other brands or financial institutions.
      • File behavior: If the site serves downloads (installers, executables, archives), SmartScreen checks those files’ reputation. Unsigned or rarely downloaded binaries, or binaries previously associated with malware, can cause or prolong warnings.
      • TLS security: Ensure certificates are valid, correctly issued, and that modern protocol versions are used.
      • Dynamic behavior: Excessive redirects, obfuscated JavaScript, or behavior similar to known phishing kits can negatively impact reputation.

    SmartScreen’s reputation system is dynamic and continuously updated. Once enough signals (including user feedback and clean behavior over time) indicate that the site is safe, the SmartScreen warning will be removed automatically. There is no separate documented escalation channel beyond submitting the site as safe and ensuring that the site’s behavior and configuration align with SmartScreen’s safety criteria.
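
Added example (not part of the question, the Q&A Assist answer, or any Microsoft tooling): a Python self-audit of the TLS and redirect items listed in the answer, for a site owner to run against their own pages. The function names, thresholds and sample values are assumptions constructed for illustration; SmartScreen's actual criteria are not given on this page.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumed thresholds for a self-audit; they are not SmartScreen's criteria.
MIN_DAYS_LEFT = 14
MAX_REDIRECTS = 3
MODERN_TLS = {"TLSv1.2", "TLSv1.3"}


def fetch_tls_facts(host, port=443, timeout=10):
    """Handshake with full chain and hostname verification.

    Raises ssl.SSLCertVerificationError if the certificate is not valid
    for `host`, which is itself a finding to fix first.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version()


def audit(cert, tls_version, redirect_chain, now=None):
    """Return a list of findings for one URL's TLS facts and redirect chain."""
    now = now or datetime.now(timezone.utc)
    findings = []
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < MIN_DAYS_LEFT:
        findings.append(f"certificate expires in {days_left} days")
    if tls_version not in MODERN_TLS:
        findings.append(f"legacy protocol negotiated: {tls_version}")
    if len(redirect_chain) - 1 > MAX_REDIRECTS:
        findings.append(f"{len(redirect_chain) - 1} redirects before landing page")
    if any(urlsplit(u).scheme != "https" for u in redirect_chain):
        findings.append("redirect chain includes a non-HTTPS hop")
    return findings


# Constructed sample input (not taken from the site in the question).
SAMPLE_CERT = {"notAfter": "Jun 15 12:00:00 2030 GMT"}
SAMPLE_CHAIN = ["http://example.com/", "https://example.com/",
                "https://example.com/login"]
if __name__ == "__main__":
    when = datetime(2030, 6, 10, 12, 0, 0, tzinfo=timezone.utc)
    for finding in audit(SAMPLE_CERT, "TLSv1.1", SAMPLE_CHAIN, now=when):
        print(finding)
```

For a live check, pass the result of `fetch_tls_facts("your-host")` and the redirect chain recorded from a browser's network panel into `audit`.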

