Share via

False positive: legitimate B2B SaaS procurelia.com blocked by SmartScreen

Ibrahim sekkouri 0 Reputation points
2026-05-26T11:14:07.8333333+00:00

hello ,

Microsoft Defender SmartScreen incorrectly classifies the legitimate B2B SaaS domain procurelia.com (and subdomains www.procurelia.com, staging.procurelia.com) as unsafe and blocks all access in Microsoft Edge under corporate policy enforcement (observed on a SNCF corporate endpoint on 2026-05-26).

The block message displayed is "Ce contenu est bloqué par votre organisation - Hébergé par procurelia.com - Microsoft Defender SmartScreen".

About the domain

  • Domain: procurelia.com (registered 2026-05-24 via Spaceship)
  • Owner: Ibrahim Sekkouri (independent professional)
  • Hosting: Hetzner Cloud, Helsinki, Finland (IP 95.217.3.112)
  • Purpose: B2B SaaS platform for procurement document analysis, targeting public works (BTP) and railway industries. Provides structured data extraction from Excel files and comparative tender analysis between bidders.
  • Compliance: EU-hosted (GDPR-compliant), HTTPS-only with valid Let's Encrypt certificates (ECDSA + RSA dual-cert), OWASP security headers (HSTS, CSP, X-Frame-Options, etc.), MFA-protected admin access, bcrypt-hashed credentials.

Why this appears to be a false positive

  • The domain hosts no malware, phishing content, adult content, or any other prohibited material.
  • The site is a private professional application accessed exclusively by authenticated users (login + MFA TOTP required for any non-public page).
  • No spam, no email campaigns originate from this domain.
  • The most likely cause of the block is the "Newly Registered Domain" (NRD) heuristic, given the domain is only 2 days old at the time of the block.

Verification

  • VirusTotal scan (please verify): https://www.virustotal.com/gui/url/ (search for procurelia.com)
  • WHOIS: Registered through Spaceship, registrant contactable at ******@gmail.com
  • TLS: Valid Let's Encrypt certificate, TLS 1.2/1.3 only, modern cipher suites
  • Public landing page: https://procurelia.com (login form only, no automated download or executable content)

Request

Please review and re-categorise procurelia.com (and its subdomains) as a legitimate Business / Productivity Software site, and remove it from the SmartScreen block list.

Business impact: this block prevents access from corporate environments running Microsoft Defender (a significant portion of our prospective B2B customer base), making commercial demonstration and onboarding impossible.

Contact

  • Email: ******@gmail.com
  • Time zone: CET (Paris)
  • Available for any additional verification or supporting documents.

Thank you for your time.

Microsoft 365 and Office | Microsoft 365 Defender | Other | Windows
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-05-26T11:14:33.4033333+00:00

    The behavior described matches a SmartScreen false positive on a newly registered, low‑reputation business domain.

    SmartScreen and Microsoft Defender for Endpoint admins cannot directly “whitelist” a public domain globally, but there are two parallel actions that should be taken: one by the site owner to get SmartScreen’s reputation corrected, and one by the customer organization (SNCF) to allow access while reputation builds.

    1. Report the false positive to Microsoft SmartScreen

    For SmartScreen URL reputation issues, Microsoft’s documented channel is the SmartScreen/URL submission and feedback flow:

    • Use the SmartScreen block page in Microsoft Edge:
      • On the block page for procurelia.com, select the link such as Report that this site doesn't contain threats (wording may vary slightly) under the More information section. This sends the URL and context to the SmartScreen Reputation team for review.
      • This is the recommended way to report a false positive for sites blocked as dangerous by SmartScreen in Edge.
    • Alternatively, use the SmartScreen reporting portals referenced for Defender for Endpoint:
      • For SmartScreen URL issues, use the Report an unsafe site flow referenced under the Smartscreen detection source: Report an unsafe site.
    • For file‑ or app‑based detections (if any downloads were being blocked), submit the file to Microsoft Defender SmartScreen via the WDSI portal and select Microsoft Defender SmartScreen as the product.

    These submissions go to Microsoft’s reputation systems so the domain can be re‑evaluated and, if confirmed clean, removed from SmartScreen’s block list.

    1. If the endpoint is managed by Microsoft Defender for Endpoint (corporate admin action)

    Because the message explicitly states “Ce contenu est bloqué par votre organisation – Microsoft Defender SmartScreen”, the block is enforced under corporate policy. While waiting for Microsoft’s reputation update, the organization’s security admin can:

    • Use Web Content Filtering (WCF) or indicators to allow the domain:
      • In Microsoft Defender for Endpoint, create an Allow indicator for the domain procurelia.com (and required subdomains) so that web protection no longer blocks it.
      • For WCF category‑based blocks, navigate to the Domains tab in the WCF reports, find procurelia.com, use the ellipsis (…) and choose Dispute Category and/or create an Allow override.
    • Confirm the detection source:
      • In Defender for Endpoint, check the alert or event details to verify that the detection source is Smartscreen or Web content filtering. If it is SmartScreen, the global SmartScreen submission (step 1) is required; if it is WCF category, disputing the category and adding an Allow indicator will immediately unblock for that tenant.
    1. If the endpoint is not using Defender for Endpoint WCF but only SmartScreen
    • SmartScreen is on by default in Edge and can be configured by Group Policy or Intune.
    • If the organization’s policy is “block and do not allow user override” for SmartScreen, only the admin can change that policy. The admin could temporarily change the policy to “warn but allow users to continue” while SmartScreen reputation is corrected, or add tenant‑level allow rules where available.
    1. Prevent future SmartScreen issues for similar domains

    For new B2B SaaS domains, SmartScreen’s reputation system is sensitive to:

    • Newly registered domains and low traffic volume.
    • TLS and security posture.
    • Page content and behavior.

    The following practices reduce the likelihood of future false positives:

    • Maintain HTTPS with valid certificates and strong TLS.
    • Use CSP and other secure headers, and avoid loading unknown third‑party content in iframes.
    • Avoid hosting any potentially unwanted applications or deceptive content.
    • Maintain stable hosting and DNS to build domain reputation over time.
    1. Summary of concrete steps
    • From an affected Edge client, use the SmartScreen block page link Report that this site doesn't contain threats for procurelia.com.
    • Additionally, submit the URL via the SmartScreen “Report an unsafe site” form.
    • If Defender for Endpoint Web Protection is in use, the SNCF security admin should:
      • Create an Allow indicator for procurelia.com and subdomains.
      • If blocked by WCF category, use Dispute Category on the domain and/or override with an Allow rule.
    • Wait for SmartScreen reputation review; once accepted, the domain will no longer be blocked by SmartScreen globally.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.