The University uses Microsoft Defender for Endpoint to secure its devices. It achieves this by blocking websites it believes are malicious, preventing software or files from performing certain actions that might be used by a hacker, or blocking applications that it doesn’t recognise. This can include Office documents that have code, scripts or content from websites built into them.
Microsoft Defender for Endpoint splits websites into three categories:
- Good: Microsoft has seen the website and believes it to be safe. You can connect to these websites without issue.
- Bad: Microsoft has seen the website and believes it to be unsafe or to contain illegal content. Microsoft Defender for Endpoint will block the connection to this website.
- Unknown: Microsoft has not yet seen the website and does not know if it is safe or not. Microsoft Defender for Endpoint will warn you about the potential threat of the website, and you can choose whether to proceed at your own risk.
When a website is blocked, your web browser will display an error message. What it looks like will depend on your browser:
Chrome will display a white screen reporting that "You don't have authorisation to view this page".
You will also get an alert in the notification centre giving you an option to provide feedback. Please note that the University of Leeds has no control over feedback raised directly with Microsoft.
If the website is in the "Unknown" category rather than the "Bad" (blocked) category, you will have an option to unblock the website for 24 hours.
Edge will display a red screen stating "This site has been reported as unsafe".
There are no options to unblock the website.
When Microsoft Defender for Endpoint prevents an application from either launching or doing something it believes is suspicious, it will display this notification.
If you choose to click "Get Support" you will be directed to this knowledge base article.
These alerts are nothing to worry about. Microsoft Defender for Endpoint noticed the application doing something it shouldn't and your device and data are safe. However, you may occasionally see an application routinely try to do something that's blocked which generates a large number of alerts, or you may find applications don't function correctly or sometimes won't even launch at all. If you are affected by these alerts you can log an appeal to get them removed for a specific website or application.
Some computers have had exclusion requests raised by users whose workflow requires them to create new executable files that will not yet have been evaluated by Microsoft. These files may change often, in a way that means we are unable to write exclusions for them.
In these circumstances IT has given users of the computer the option in the alert to manually unblock that file for 24 hours. If you see an option to unblock a file, be sure to check that the application name is one that you trust and are expecting to launch, as malware can often use familiar applications to launch malicious processes. Only unblock the file if you are being blocked from doing your work.
If Microsoft Defender for Endpoint is blocking a website or application you need to use to perform your duties at work, you can let us know by filling out this form and we will investigate. We will need the following information
Once we have these details, we'll look at the error logs on your device and determine why the website or application is getting blocked and whether it is malicious or not.