Microsoft Corp.’s security platform Defender, which comes installed as standard with Windows, is having a bad day today, with users reporting that the service is tagging sites such as Google and Zoom as being malicious.

When it works properly, Defender is meant to stop users from visiting malicious sites, but it goes without saying that Google.com isn’t malicious. It’s unknown why Defender has suddenly gone rogue. At least for now, Microsoft doesn’t seem to know why either.

According to the official Microsft 365 Status Twitter account, Microsoft is investigating why legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. In addition, Microsoft is looking into why some of the alerts are not showing content as expected.

The Microsoft support team confirmed that users can still access legitimate URLs despite the false-positive alerts. As part of an investigation into the problem, Microsoft said it was “reviewing diagnostics such as network telemetry data to verify the root cause and identify a path to resolution.”

How widespread the issue is among users is not clear. The Register reported that one organization had received hundreds of malicious URL alerts for Zoom.us links, all of which take time to investigate. A post on Reddit also detailed various users who have experienced the problem.

“Doing internet-scale scanning of domain and URL data at internet-scale speed is extremely challenging to get right,” Sean McNee, vice president of research and data with internet intelligence specialists DomainTools LLC, told SiliconANGLE. “The best automation for doing this work always has the possibility for triggering ‘false positives’ — identifying benign URLs as being malicious. The goal of all of these systems, as always, is to bring that false positive rate as low as possible while still identifying maliciousness accurately when it appears.”

McNee added that though he was concerned to see these popular URLs flagged, “I applaud Microsoft for acting as quickly as they did to rectify the situation and hope they publish more information about the causes later on.”

Image: Microsoft