SANS ISC: Microsoft Smart Screen False Positives - SANS Internet Storm Center


We received a couple of reports about Microsoft's "Smart Screen" flagging harmless sites as malicious. Initially, we considered the possibility of an infected ad service. But it may be a bug in Smartfilter as well.

More details shortly.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

ISC Handler
Nov 4th 2010
This happened to some persons in our workplace recently. Only it was happening for IE8 talking to local LAN web servers that our users use for applications. One of the incidents was an IT staffer just trying to access the Symantec Web console for administration purposes. He says it works today. So maybe IE8 updated itself already.

We definitely saw this with an internal site yesterday for most of the morning, but by 1pm PDT yesterday it had been resolved. The @MicrosoftHelps user on Twitter had some references to it yesterday afternoon. It was definitely a change in their engine--my guess was they were tweaking it to detect something related to the new vulnerability from this week. Not sure.
