Jump to content

Recommended Posts

Posted

Strange error here - when trying to log into portal.office.com in either Chrome incognito or Edge InPrivate window, it is flagged with HTML/ScrInject.B trojan and terminated. In normal browser windows this does not happen. The actual site being blocked appears to be the OAuth page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=........

 

  • Administrators
Posted

Please collect logs with ELC but also select "Quarantined files" in ELC before you click Collect. When done, drop me a private message with the generated archive attached.

Posted

Sent. Also, after signing out from the O365 portal on my primary Chrome profile, I now get the same alert trying that site, so the incognito thing is irrelevant. 

Posted

We are getting lots of alerts too, I would believe they are false positives, they are all related to Microsoft products authentication.

Here are snipets of the errors we are getting.

Thanks for looking into it!

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/HW8QJUOP/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\Teams\current\Teams.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:40:47;55B44C49BFE121846DD1EC1CBE1CBC7E605D152D

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/H7N967WW/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:20:48;84395DBB28182834E257D4ED138747EEE7E97802

file:///C:/Users/xxx/AppData/Local/Microsoft/Windows/INetCache/IE/PQKB08OC/authorize[1].htm;deleted;;1;1;xxx\xxx;C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:13:18;F59B2C878BACFF57E9B4E008649AE625DDA6FF5B

file:///C:/Users/xxx/AppData/Local/Packages/microsoft.microsoftedge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/3UZ6OQXS/authorize[1].htm;deleted;;1;0;xxx\xxx;C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe;Event occurred on a newly created file.;17094 (20180321);2018-03-21 17:14:13;35BF6EC332DAA3C8EDAE801AD7D41D22B95DD959

  • Administrators
Posted

This was fixed about 30 minutes ago. If you have LiveGrid enabled and working, it shouldn't be detected any more. Otherwise it will be fixed after an update which is being prepared.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...