danjacoyle 0 Posted April 8 Share Posted April 8 Since last week I've had a lot of endpoints constantly reporting a detection of PUA MSIL/Microsoft.Bing.D through a URL of hxxp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/da017dea-34f8-4a9f-a3fd-27f1b9538600?P1=1713064064&P2=404&P3=2&P4=fulaPo4QR9S/WS3SD5GtKwD6I7rCD0ekRnphxx9HyVg4UoYv1w1QkB18QTqB+JSBXCC/d06MsUStOSDj6IWKVA== or similar I'm wary of creating an exclusion and not having this detected so is there any way of resolving this? Is there any dialogue with Microsoft as I could see there was with the .A detection? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted April 8 Administrators Share Posted April 8 This probably happens because another Bing application was installed in the past (e.g. Bing Wallpaper). Do you remember allowing installation of such application? Isn't there a way to avoid downloading the above file? When is the detection triggered? Link to comment Share on other sites More sharing options...
danjacoyle 0 Posted April 9 Author Share Posted April 9 There aren't any Bing applications or similar on the PCs as far as I can tell. The detection is triggered when the endpoint accesses that URL so I assume it is a Windows app updating, most likelt Edge NEW NOTIFICATION Potentially unwanted application MSIL/Microsoft.Bing.D was detected on computer cctv1 Detection type: Potentially unwanted application Detection name: MSIL/Microsoft.Bing.D Computer name: Computer static group hierarchy: /All/Endpoint Security Logged user: Time of occurrence: 4/9/24, 9:10:17 AM UTC Scanner: HTTP filter Action performed: Connection terminated Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted April 9 Administrators Share Posted April 9 Edge may download updates with a Bing application included if a Bing application was installed in the past. You can either create a detection exclusion or contact Microsoft to find out why they include the Bing application in Edge updates. Link to comment Share on other sites More sharing options...
itman 1,748 Posted April 9 Share Posted April 9 Microsoft has started changing the default search engine in Chromium browsers to Bing. This also means Chrome. This is what Eset is detecting as PUA activity and rightfully so. Link to comment Share on other sites More sharing options...
danjacoyle 0 Posted April 9 Author Share Posted April 9 From the log files on one of the endpoints - Link to comment Share on other sites More sharing options...
itman 1,748 Posted April 9 Share Posted April 9 10 minutes ago, danjacoyle said: From the log files on one of the endpoints Same detection I received; Quote Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 4/2/2024 8:37:51 AM;Real-time file system protection;file;C:\Users\xxxxxx\AppData\Local\Temp\DODD22.tmp;a variant of MSIL/Microsoft.Bing.D potentially unwanted application;deleted;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Windows\System32\svchost.exe (445F5F38365AF88EC29B357F4696F0E3EE50A1D8).;1E908ED6CF873C77790C7EE03CE1673BF2850B92; Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted April 9 Administrators Share Posted April 9 Most likely related to this: https://www.neowin.net/news/microsoft-is-once-again-harassing-chrome-users-with-malware-like-bing-ads/. Discussed also on Reddit: https://www.reddit.com/r/computerviruses/comments/18g8w8a/new_version_of_bgaupsell_adware/ Link to comment Share on other sites More sharing options...
Recommended Posts