Microsoft Edge users, particularly those with third-party antivirus software, have been getting warnings from their antivirus about "Microsoft Edge making suspicious connections" to an unknown site.

You might have noticed those security warnings popping up every time you launch the Edge browser, especially if you're using antivirus software like Bitdefender or Kaspersky. Given that these "Suspicious Connections" are made by Microsoft's own browser - Edge, you might be worried about the implications and whether to ignore them or look into these warnings.

Don't worry, we've got this covered! In this guide, we're going to break down everything you need to know about Microsoft Edge making 'Suspicious Connection' and what to do about it.

'Suspicious Connections Blocked' Warnings

The Suspicious connection blocked warning usually displays this message or something similar to this: "msedge.exe attempted to establish a connection relying on an expired certificate to bzib.nelreports.net/deff.nelreports.netMicrosoft will probably fix this temporary issue. We blocked the connection to keep your data safe since websites must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk."

While the core message about a blocked connection remains the same, the specific domain that Microsoft Edge tries to connect to might vary. Here are some examples of domains that have shown up in these alerts:

  • bid.adsinteractives.com
  • bid.nelreports.net
  • deff.nelreports.net
  • markets.books.microsoft.com
  • extensionwebstorebase.edgesv.net

Why Does Microsoft Edge Make "Suspicious Connections"?

As you know, your Antivirus program actively monitors your browsing activity and internet connections, checking for potential threats like malware, phishing websites, and insecure connections.

So, you might see the "Suspicious connection blocked" warning pop up from time to time. It's basically your security program keeping your data safe by stopping it from reaching websites with outdated security.

These warnings pop up because some websites used by Microsoft haven't updated their security certificates yet. The affected Microsoft websites will have their certificates renewed, or a future update for Microsoft Edge will address this issue.

Edge has been interacting with these sites for a long time, but you're only noticing it now because their certificates have recently expired. The problem typically lies with the sites themselves, not the browser.

The warnings might look scary, but they're just your antivirus being extra careful. There can be a few different reasons why they appear:

  • Invalid or Expired Security Certificates: When you visit a website, it communicates using a security certificate. This certificate verifies the website's identity and ensures your connection is encrypted.  If a website's certificate is invalid, expired, or issued by an untrusted authority, your browser or security program might block the connection to protect you from being spied on or data theft.
  • Malware or Suspicious Websites: The Antivirus program maintains a database of known malicious websites and URLs.  If Microsoft Edge tries to connect to a website on this list, it will be flagged as suspicious to prevent you from accidentally downloading malware or accessing harmful content.
  • Other Vulnerabilities: The security warning could be related to outdated software, browser extensions, or even malware in the browser.

Connection to deff.nelreports.net/bid.nelreports.net Domains

Most of the time when you receive the suspicious connection blocked notification, it's because Microsoft Edge is attempting to connect to the domain deff.nelreports.net, which has an expired security certificate.

The deff.nelreports.net is a Microsoft-owned domain used for Network Error Logging (NEL), a web technology that helps website owners identify network connectivity issues. The domain's certificate expired, triggering warnings from antivirus software like Bitdefender and Kaspersky.

The expired certificates don't pose any security risks to users or their data. Microsoft will probably fix this temporary issue by renewing the certificate or removing the URL entirely.

What to do When you Get the Suspicious Connections Warning?

If the warnings are for the Microsoft domains, like the ones mentioned above, you don't need to do anything. Simply wait for Microsoft to renew the certificate or remove the URL. This is the simplest solution, as it will resolve the issue automatically.

However, if the browser tries to establish a connection to an unknown third-party website and is blocked, it's best to avoid the website that triggered the notification. This is to protect your data and security.

Check the Domain Address

Note down the domain or website address that the notification shows msedge.exe is attempting to connect to. Then, conduct thorough research to confirm the legitimacy and safety of the domain. You can use the following online tools to find more details about the sites:

  • Whois DomainTools: Use this site to find the domain's registration details, including its owner, contact, and more. This can help you find whether the sites are associated with Microsoft or a third party.
  • VirusTotal: This tool can scan the domain for any known malware or security threats on the site. You can also see whether the site has been flagged as suspicious or malicious.

You can search online for the website or URL mentioned in the warning to see if others have reported it as suspicious.

Check the Warning Message

Take a close look at the warning message itself. Pay attention to the specific words of the warning, as it can offer clues about the kind of danger you might be facing. If the warning mentions something like an expired certificate, it might be less serious than a warning that suggests a connection to an unknown or phishing website.

If you're confident the website is safe and trustworthy, you can sometimes add it as an exception in your antivirus settings.

Fix: Microsoft Suspicious Connection blocked by Antivirus

After confirming the legitimacy and safety of the domain shown in the warning, you have a few options to manage the "suspicious connection" alerts. If the domain seems suspicious or you're unsure about the domain's status, allow the antivirus to continue to block the connection.

It's best to put up with the error warning messages until necessary changes are made in Edge or the domain.

However, if the persistent warnings are annoying and disrupting your workflow and if you’ve verified that the domain is legitimate (deff.nelreports.net or bid.nelreports.net, in this case) and aren't going to cause any trouble; you can do a few things to silence these alerts. Here's how:

Temporarily Whitelist the Domain

You can configure your security software to allow connections to the specific domain, pausing notifications temporarily.

Add the Website to the Exceptions list in Bitdefender

Here's how you can add a website to the Exceptions list to bypass Bitdefender's security checks on your Windows.

  1. Open the Bitdefender app and select the 'Protection' tab.
  2. Look for the 'Online Threat Prevention' tile and click on 'Settings' under it.
  3. Next, find and click on 'Manage exceptions'.
  4. Click the '+ Add an Exception' button on the next page.
  5. Type in the website address you saw on the warning message (like deff.nelreports.net). Make sure to spell it correctly.
  6. After that, flip the switch next to 'Online Threat Prevention' to 'On'.
  7. Click 'Save' to add the site to the list.

This is a temporary fix. Remove the site from the exception list when the certificates are renewed, the issue is resolved, or when you no longer trust the website.

Add the Website to the Trusted list in Kaspersky

If you have the Kaspersky antivirus program, here's how you can whitelist the site:

  1. Open the Kaspersky app and click the 'Settings' icon.
  2. Select the 'Protection' tab or the 'Essential protection' tab and click on 'Web Anti-Virus' or 'Safe Browsing'.
  3. Scroll down and click 'Advanced Settings'.
  4. Then, click the 'trusted URLs' link below.
  5. Click the '+Add' button.
  6. Next, type the domain address you saw on the warning message and click 'OK'.
  7. Then, click 'OK' in the lower-right corner.
  8. After that, click 'Save' and select 'Yes' in the confirmation box.

Update the Edge Browser

Make sure that your web browser is up to date. Browser updates often include security patches that fix vulnerabilities and improve overall security. As we mentioned before, Microsoft will either renew the certificates or a future update to Microsoft Edge will fix the issue.

To check for updates, click the three dots button, click 'Help and feedback', and select 'About Microsoft Edge'.

Then, let the Microsoft Edge check for updates and install the latest version.

Disable MSN New Feeds

Disabling the MSN News feed in Edge might silence ‘Suspicious Connection Blocked’ alerts because sometimes they're triggered by the news feed. However, it'll also remove news integration within Edge, limiting its features.

  1. Open the Microsoft Edge browser on your computer, click the three dots button on the top right corner of the window, and select ‘Settings’ from the menu.
  1. On the left side of the Settings page, select the ‘Start, home, and new tabs’ section.
  2. Then, scroll down to the bottom of the page on the right side pane, and click on the ‘Customize’ button under the New tab page section.
  1. If you see the ‘What are you interested in’ pop-up, close it.
  2. On the new tab page that opens, click the gear icon (Settings) on the top right corner of the page.
  1. A Page Settings menu will open. Scroll down the menu and click the ‘Content’ drop-down menu.
  1. Then, choose ‘Content off’.

Reset the Edge Browser

Resetting the browser is also known to fix browser issues and prevent the ‘Microsoft suspicious connection blocked’ warning from popping up again.

  1. To reset the Edge browser, click the three-dot icon on the right-top corner to choose 'Settings' from the menu.
  2. Select the ‘Reset settings’ on the left sidebar and then click ‘Restore settings to their default values’ on the right side pane.
  1. Click ‘Reset’ again on the confirmation box.

Edit the Host File on your PC

When you see the 'Suspicious Connection Blocked' warnings in Edge, it could also mean that the browser is trying to connect to a website with technical difficulties or, in some cases, it might be malicious.

Regardless of the cause, you have the option to modify your computer's host file to block connections to that particular server. Let us see how to do that:

  1. Open File Explorer on your Windows computer with the shortcut keys Windows+E.
  2. Once the File Explorer opens, copy-paste the below path in the address bar and hit Enter:
C:\Windows\System32\drivers\etc
  1. Once you are in the above location, right-click the 'hosts' file and select 'Copy'.
  1. Before making any changes, let's ensure we have a backup of the 'hosts' file. Choose a safe location on your PC for this backup, then simply paste the copied file you made earlier using Ctrl+V.
  2. Now, right-click the backup 'hosts' file, and select the 'Rename' option.
  1. Then, rename the file to hosts.org.
  1. If you ever decide you need to revert to the original settings or if something goes wrong, you can easily restore the original hosts file with just a few clicks.
  1. After that close the File Explorer window and switch over to your Desktop. Once you're there, simply press Ctrl+V to paste the 'hosts' file copy we made earlier. We'll edit this one before putting it back in its original place.
  2. Double-click the 'hosts' file on your desktop to edit it.
  1. When the prompt box asks how you want to open this file or select an app to open this file, simply double-click the 'Notepad' option from the list of apps.
  1. Next, copy-paste the following lines at the end of the Notepad window:
127.0.0.1 deff.nelreports.net

0.0.0.0 deff.nelreports.net

# Block access to a Microsoft website that is corrupt.

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost
  1. If the warning message you get has a different website address than the one (deff.nelreports.net) in the above command, like ‘bid.adsinteractives.com’ or ‘markets.books.microsoft.com’, simply replace deff.nelreports.net with that address in the lines. Just make sure everything else stays the same.
  1. Then, save the file by pressing Ctrl+S and close it.
  2. After that, go back to your desktop, then copy the 'hosts' file.
  1. Then, navigate to the below location again: C:\Windows\System32\drivers\etc.
  2. Paste the edited hosts file in the folder and select 'Replace the file in the destination' to replace the original hosts file.
  1. After that restart your PC, and check if your anti-virus is still showing the suspicious connection blocked notification. 

Report False Positives

If you believe the connection is a false positive (a legitimate site flagged as suspicious), report it to your antivirus provider. Many security programs allow users to report false positives to improve detection accuracy.

For the Bitdefender program, fill out this form and report an incorrect detection to Bitdefender Labs. Make sure to select 'False Positive' from the 'Select the category' drop-down and type the URL from the notification under the URL field.

If you are getting warning messages from the Kaspersky software, you can submit the website for analysis through this website.

Uninstall Microsoft Edge Browser

If the Edge browser is bothering you by triggering too many security warnings, you can just ditch the Edge Browser and switch to other reliable browsers like Chrome, Firefox, Brave, etc.

Windows doesn't make it easy to uninstall Microsoft Edge, as the standard 'Uninstall' button is greyed out in the Settings and Control Panel. However, if you're determined to remove it, there's a workaround involving tweaking the Windows Registry. Here's how:

  1. Press Windows+R to open Run, type regedit, and click 'OK' to open the Registry Editor.
  2. Click 'Yes' in the User Account Control (UAC) prompt.
  1. In the Registry Editor, navigate to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge
  1. Then, right-click the 'NoRemove' registry entry in the right panel.
  1. In the Edit DWORD window, change the Value data to 0 and click 'OK'.
  1. Then, restart your computer.
  2. After the restart, open the Control Panel and click the 'Uninstall a program' under Programs.
  1. Then, select the 'Microsoft Edge' app, and click 'Uninstall'.
  1. Follow the on-screen instructions to remove the Edge app.

That's it.

While a "suspicious connection" alert from your antivirus software can be alarming, especially when it involves your browser, the situation with Microsoft Edge and bzib.nelreports.net likely doesn't require immediate panic.

Remember, expired certificates can trigger these warnings without actual security risks. However, vigilance is key. If you encounter similar concerns, follow the tips outlined in this post:

  • Analyze the details: Understand the connection details provided by your antivirus software. This will help differentiate genuine issues from harmless glitches.
  • Update Edge: Ensure you're running the latest version of Edge to benefit from security patches and bug fixes.
  • Scan your system: Run a thorough scan with your antivirus software and consider employing additional tools like AdwCleaner for extra peace of mind.

You can confidently navigate these situations by staying informed and taking proactive measures. Microsoft is aware of the bzib.nelreports.net certificate issue and will likely resolve it soon. Keep browsing safely!