Website coming up as false positive with MS Advanced Threat Protection

The firm I work for subscribes to MS Advance Threat Protection.  I subscribe to email newsletters that arrive several times a day from *** Email address is removed for privacy ***.  Starting two days ago when I click a link in the email, that MS Advanced Threat Protection has rewritten for protection, from *** Email address is removed for privacy ***, I am directed to a website from MS/Office 365 states that the website is classified as malicious.  See image below.

I have tried whitelisting the email address *** Email address is removed for privacy *** and domain Spiceworks.com come within the Exchange Admin Console of O365.  I have check for a way to have whitelist the site within the Security and Compliance admin but have not found a way.  Is there a way to have the links in the email whitelisted so I can continue to the page within the Spiceworks website?

The URL from the email below notes that the website is spiceworks.cmail19.com. Should this be whitelisted somehow?  Below is the Advanced Threat Protection rewritten URL from an email that brings me to the Malicious Website Warning.  

Note:  In both URLs I changed my email address in the URLs to username%40domain.com from my actual email address.

Blocked URL from September 27, 2017:

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspiceworks.cmail19.com%2Ft%2Fn%2Fi-l-1eebb5e2a3d511e78d82d9312d118523-l-h-r-l%2F&data=02%7C01%7Cusername%40domain.com%7Cd15c71dd38aa47b3078408d505f903ae%7C5eeefa2398824fd29ac407bb74d23ce8%7C0%7C0%7C636421489425137893&sdata=y4%2FCpD9ABO807IbZt9Uu5LruKvAKC%2F6mjgJ1IlMctlU%3D&reserved=0

This URL from September 22, 2017, allows me to visit the topic referenced in the email:

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspiceworks.cmail20.com%2Ft%2Fn%2Fi-l-9e9298079fa811e7be5e93cf22d9c67c-l-h-r-l%2F&*** Email address is removed for privacy ***%7C47f1fc449054496122bb08d501cc8414%7C5eeefa2398824fd29ac407bb74d23ce8%7C0%7C0%7C636416900260246487&sdata=vpg85wBQm3e4BKXuKJ4N2%2FxuXjVlBbQR5hzGZNyxQF4%3D&reserved=0

The only difference that I can see is that in the blocked URL the references spiceworks.cmail19.com and the unblocked is to spiceworks.cmail20.com.  

Does MS Advanced Threat Protection need to whitelist spiceworks.cmail19.com?  Is there a way for me to modify something in our O365 tenant admin settings that will allow access to the pages the email URL references?

Thank you for your help.

Answer
Answer

This forum is for consumer security related issue and it is better to ask it from Microsoft ATP forum:

https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated May 4, 2020 Views 574 Applies to: