moth - Posted March 21, 2018

Strange error here - when trying to log into portal.office.com in either Chrome incognito or Edge InPrivate window, it is flagged with HTML/ScrInject.B trojan and terminated. In normal browser windows this does not happen. The actual site being blocked appears to be the OAuth page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=........

Marcos (Administrators) - Posted March 21, 2018

Please collect logs with ELC but also select "Quarantined files" in ELC before you click Collect. When done, drop me a private message with the generated archive attached.

moth (Author) - Posted March 21, 2018

Sent. Also, after signing out from the O365 portal on my primary Chrome profile, I now get the same alert trying that site, so the incognito thing is irrelevant.

GRS - Posted March 21, 2018

We are getting lots of alerts too. I would believe they are false positives; they are all related to Microsoft products authentication. Here are snippets of the errors we are getting. Thanks for looking into it!

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/HW8QJUOP/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\Teams\current\Teams.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:40:47;55B44C49BFE121846DD1EC1CBE1CBC7E605D152D
file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/H7N967WW/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:20:48;84395DBB28182834E257D4ED138747EEE7E97802
file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/PQKB08OC/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:13:18;F59B2C878BACFF57E9B4E008649AE625DDA6FF5B
file:///C:/Users/xxx/AppData/Local/Packages/microsoft.microsoftedge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/3UZ6OQXS/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:14:13;35BF6EC332DAA3C8EDAE801AD7D41D22B95DD959

Marcos (Administrators) - Posted March 21, 2018

This was fixed about 30 minutes ago. If you have LiveGrid enabled and working, it shouldn't be detected any more. Otherwise it will be fixed after an update which is being prepared.