ADNS/ADNSR - False Positive Detection Incident

Incident Report for Palo Alto Networks Cloud Services

Resolved

This incident has been resolved. We have identified the root cause: the incorrect verdict was due to multiple third-party intelligence feeds providing malicious verdicts. An enhancement measure will be added to reduce false positives caused by CNAME domains ingested from third-party intelligence.
Posted Mar 06, 2026 - 20:24 UTC

Update

We have disabled the false positive signature to restore service for customers. We are continuing to investigate the root cause.
Posted Mar 06, 2026 - 20:23 UTC

Investigating

One of our detectors is experiencing an issue that caused false positive blocking. Specifically, res-stls-prod[.]edgesuite[.]net.globalredir[.]akadns88[.]net was misclassified as phishing from 3/6/2026 13:08 UTC to 3/6/2026 16:50 UTC. This domain is a CNAME target of res.cdn.office[.]net and res-stls-prod.edgesuite[.]net. As a result, DNS resolution of res.cdn.office[.]net or res-stls-prod.edgesuite[.]net may have been blocked during that period.
Posted Mar 06, 2026 - 20:22 UTC
This incident affected: ADNS Resolver (ADNS Resolver 96.9.97.9, ADNS Resolver 96.9.96.9).
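
The following is an added example, not Palo Alto Networks code: it shows how a verdict on a CNAME target propagates to every name that resolves through it, and one possible pre-publication check that holds a feed verdict when trusted names depend on the flagged domain. The record set is constructed from the names in the report; the hop order, the control entry, and the function names are assumptions.

```python
def refang(name):
    """Turn a defanged indicator (example[.]com) into a normalised DNS name."""
    return name.replace("[.]", ".").rstrip(".").lower()

# Constructed CNAME records. The names come from the incident text; the order
# of the hops (office -> edgesuite -> akadns88) is an assumption.
TARGET = refang("res-stls-prod[.]edgesuite[.]net.globalredir[.]akadns88[.]net")
RECORDS = {
    refang("res.cdn.office[.]net"): refang("res-stls-prod.edgesuite[.]net"),
    refang("res-stls-prod.edgesuite[.]net"): TARGET,
    "www.example.com": "cdn.example.net",  # unrelated control entry
}

def cname_chain(name, records, max_hops=16):
    """Follow CNAMEs from name, stopping on a loop or after max_hops."""
    chain = [refang(name)]
    while chain[-1] in records and len(chain) <= max_hops:
        nxt = records[chain[-1]]
        if nxt in chain:  # CNAME loop: stop rather than spin
            break
        chain.append(nxt)
    return chain

def affected_names(flagged, records):
    """Map each queried name to the flagged hop that would block it."""
    flagged = {refang(d) for d in flagged}
    hits = {}
    for name in records:
        for hop in cname_chain(name, records):
            if hop in flagged:
                hits[name] = hop
                break
    return hits

def hold_for_review(candidate, records, trusted):
    """Trusted names that would break if candidate were published as malicious.

    A non-empty result means the verdict should go to an analyst instead of
    being pushed straight to the resolver.
    """
    trusted = {refang(t) for t in trusted}
    return sorted(n for n in affected_names([candidate], records) if n in trusted)

if __name__ == "__main__":
    print(affected_names([TARGET], RECORDS))
    print(hold_for_review(TARGET, RECORDS, ["res.cdn.office[.]net"]))
```
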