Jump to content

Office 365 portal blocked in incognito mode


moth
 Share

Recommended Posts

Strange error here - when trying to log into portal.office.com in either Chrome incognito or Edge InPrivate window, it is flagged with HTML/ScrInject.B trojan and terminated. In normal browser windows this does not happen. The actual site being blocked appears to be the OAuth page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=........

 

Link to comment
Share on other sites

  • Administrators

Please collect logs with ELC but also select "Quarantined files" in ELC before you click Collect. When done, drop me a private message with the generated archive attached.

Link to comment
Share on other sites

Sent. Also, after signing out from the O365 portal on my primary Chrome profile, I now get the same alert trying that site, so the incognito thing is irrelevant. 

Link to comment
Share on other sites

We are getting lots of alerts too, I would believe they are false positives, they are all related to Microsoft products authentication.

Here are snipets of the errors we are getting.

Thanks for looking into it!

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/HW8QJUOP/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\Teams\current\Teams.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:40:47;55B44C49BFE121846DD1EC1CBE1CBC7E605D152D

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/H7N967WW/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:20:48;84395DBB28182834E257D4ED138747EEE7E97802

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/PQKB08OC/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:13:18;F59B2C878BACFF57E9B4E008649AE625DDA6FF5B

file:///C:/Users/xxx/AppData/Local/Packages/microsoft.microsoftedge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/3UZ6OQXS/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:14:13;35BF6EC332DAA3C8EDAE801AD7D41D22B95DD959

Link to comment
Share on other sites

  • Administrators

This was fixed about 30 minutes ago. If you have LiveGrid enabled and working, it shouldn't be detected any more. Otherwise it will be fixed after an update which is being prepared.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...