HTML/Scrinject.B.Gen virus false positive for *.visualstudio.com?

[eriksendc 0]

Hi All,

I'm a CTO of a small internet startup called getyourpet.com. We use Microsoft's Visual Studio Team Services (VSTS) to store our source code, manage work, and automate our builds. You go to visualstudio.com and set up an account, and you get a subdomain of your own. For example, ours is getyourpet.visualstudio.com.

VisualStudio.com is fine, but when I go to getyourpet.visualstudio.com I'm getting the attached warning. I'm sort of shocked because this is on pages of VSTS that you can only get to if you have an account.

Can someone confirm that this is really a problem?

Thanks,

-Brian Eriksen

PS - There also seems to be a problem with https://cdn.vsassets.io, which would be Visual Studio-related assets, I suppose...

Edited February 10, 2017 by eriksendc
additional info added as a PS and one more screen shot

[Marcos 5,074]

Seems to be a false positive, the url has been unblocked. Next time please report possible false positives to samples[at]eset.com as per the instructions at http://support.eset.com/kb141.

[Patrick Peters 0]

You say the URL has been unblocked, but the visualstudio.com pages are still blocked after I did the update. I still have to rollback now to get access to the VSTS pages...

[Marcos 5,074]

It takes some time for unblocking to take effect, approx. 20-30 minutes at maximum as long as you have LiveGrid enabled.

[Patrick Peters 0]

3 hours ago, Marcos said:

It takes some time for unblocking to take effect, approx. 20-30 minutes at maximum as long as you have LiveGrid enabled.

Still no effect after 3 hours.

I have called the ESET helpdesk and they had the solution:

Open Advanced Setup. Go to tab WEB AND EMAIL.

Disable in the SSL/TLS area the SSL/TLS protocol filtering. Click OK.

Then reopen the same page and enable it again.

Close the ESET user interface app and retry, that should work.

[Marcos 5,074]

Disabling SSL filtering is not a solution. I would never recommend doing that as IMAPS, POP3S and HTTPS communication will not be filtered. As a result, potential malware on an https website might not be detected and blocked.

If the problem persists, supply me with logs gathered by ESET Log Collector as per the instructions in my signature.