Microsoft Corporation
Threat protection in documents

Abstract:

A threat protection system provides for detecting links in a document and analyzing whether one of the detected links is a malicious link that may direct a user of the document to a malicious universal resource locator (URL). In one implementation of the described technology, when a user selects a link in a document, a link activation module calls a threat protection client module that performs a reputation check for the link. If the selected link is malicious, the threat protection client module sends a URL of a warning page to the link activation module.