Today Outlook 365 is being blocked when it tries to pull in new mail. I verified the IP address. The IP addresses have been assigned to Microsoft.
I added an exclusion (malware exclusion only) for C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
I assume it is being flagged as ransomware since I am still receiving alerts and cannot retrieve my mail. Please fix this as soon as possible.
I have only attached a few logs, I have hundreds. There was another IP but I cannot find it. If you can give me an easier way to parse these logs I could find it. Where are they stored on my system?
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 2:46 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1968
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: outlook.office365.com
IP Address: 40.97.153.162
Port: [56404]
Type: Outbound
File: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 2:46 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1968
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: outlook.office365.com
IP Address: 40.97.153.162
Port: [56402]
Type: Outbound
File: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 2:46 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1968
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: outlook.office365.com
IP Address: 40.97.153.162
Port: [56404]
Type: Outbound
File: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 2:23 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1967
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: outlook.office365.com
IP Address: 40.97.153.162
Port: [54932]
Type: Outbound
File: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 2:23 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1967
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: outlook.office365.com
IP Address: 40.97.153.162
Port: [54932]
Type: Outbound
File: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)