moth 0 Posted March 21, 2018 Posted March 21, 2018 Strange error here - when trying to log into portal.office.com in either Chrome incognito or Edge InPrivate window, it is flagged with HTML/ScrInject.B trojan and terminated. In normal browser windows this does not happen. The actual site being blocked appears to be the OAuth page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=........
Administrators Marcos 5,733 Posted March 21, 2018 Administrators Posted March 21, 2018 Please collect logs with ELC but also select "Quarantined files" in ELC before you click Collect. When done, drop me a private message with the generated archive attached.
moth 0 Posted March 21, 2018 Author Posted March 21, 2018 Sent. Also, after signing out from the O365 portal on my primary Chrome profile, I now get the same alert trying that site, so the incognito thing is irrelevant.
GRS 0 Posted March 21, 2018 Posted March 21, 2018 We are getting lots of alerts too, I would believe they are false positives, they are all related to Microsoft products authentication. Here are snipets of the errors we are getting. Thanks for looking into it! file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/HW8QJUOP/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\Teams\current\Teams.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:40:47;55B44C49BFE121846DD1EC1CBE1CBC7E605D152D file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/H7N967WW/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:20:48;84395DBB28182834E257D4ED138747EEE7E97802 file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/PQKB08OC/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:13:18;F59B2C878BACFF57E9B4E008649AE625DDA6FF5B file:///C:/Users/xxx/AppData/Local/Packages/microsoft.microsoftedge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/3UZ6OQXS/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:14:13;35BF6EC332DAA3C8EDAE801AD7D41D22B95DD959
Administrators Marcos 5,733 Posted March 21, 2018 Administrators Posted March 21, 2018 This was fixed about 30 minutes ago. If you have LiveGrid enabled and working, it shouldn't be detected any more. Otherwise it will be fixed after an update which is being prepared.
Recommended Posts