Windows 10: Windows Defender ATP ExploitGuard False Web Block.

Hi all,


I'm trying to figure out how to either report a false block to Microsoft, or whitelist a website that was blocked.


Your IT administrator has caused Windows Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2019-02-04T19:37:31.935Z
User: S-1-5-21-11****
Destination: http://*websitehere*.com
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe


I have access to the web portal at https://securitycenter.windows.com/ I have gone in there and whitelisted the IP as this is the ONLY thing I could think of to whitelist the page, but this isn't working. I cannot find and kind of config file or GPO setting either, but that doesn't mean one doesn't exist.


Searching the internet I can find no way to report the incorrect block and if I go into the help section in Security Center I do see a report option, but it won't let me do it from my work email, I have to use an old microsoft account that has no license, so for a SINGLE report, it says it will cost $499.


If it matters, the website does come up clean in virustotal and other web scanners.


Any help would be greatly appreciated!


Thank you!

:)

 

Defender ATP

Hi,



Thank you for writing to Microsoft Community Forums.



Usually we do not suggest to disable Windows Defender feature, Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents, and improves security posture. However, if you
still wish to disable it, please follow the steps mentioned below and check if it helps:

1. Open Windows Settings (Windows key + I).
   
2. Then click on Updates & Settings.
   
3. Then click on Windows Security.
   
4. You can disable Cloud based and automatic submissions.
   

If you need any additional assistance, then please write back with the following information:

1. What is the exact error message which you are getting?
   
2. Is the issue specific to an application?
   
3. Could you please
   post a screenshot for a better understanding?
   

Regards,

 

Windows Defender ATP.

Why isn't the Windows Defender ATP platform available with Windows 10 Pro for free? What's the difference between Windows Defender and Windows Defender ATP? If you're going to make Windows 10 the best operating system ever, the virus and malware protection
has to be the best too. So having one Windows Defender ATP across the whole Windows 10 ecosystem for free is better then having two different virus and malware platforms?

 

Windows Defender ATP.

Windows Defender ATP isn't protection, rather it's more after the fact forensics. Any sized firm can run ATP as you can enable it on Windows 10 pro with merely a script. What you have to have is a Windows E5 subscription license which now is sold in single
units by cloud service providers.

The naming of "Windows defender ATP" is IMHO a bad marketing name. It doesn't defend. It reports. It helps an admin understand when intrusions take place what IP the workstation talked to and what may have occurred but it still takes a technical person
to interpret the findings.