I have an account on Office 365. To access that I use Outlook and the Outlook Web Access interface. Recently my Outlook client has started showing DISCONNECTED in the status bar and will not send or receive email. Additionally, when I log into OWA I get a message that the page cannot be displayed rather than my mailbox. Access works fine from other places, just not at home. So I started playing to see if something is blocking my access. Sure enough, as soon as I disabled malware protection and malicious website protection my mail started working again.

 

I can find nothing similar in the forums. Any idea why this is happening?


Hello and :welcome:

We would need more info on the system....

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs

(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Additionally, can you post a copy of your protection logs so we can see what's being blocked?

Thank You,

Firefox


  • 2 weeks later...
  • Root Admin

Office 365 is not blocked in your logs by MBAM and I use it every day and it does not block it for me either. Your Event Logs though do show issues with your computer in general.

Please use REGEDIT.EXE and browse to this key and remove the entry for PIA_MANAGER.EXE
That sets a compatibility setting that is not needed. If you want it to run with admin rights then modify the shortcut under Advanced (not under compatibility) and check the "Run as administrator" check box.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    C:\Program Files\pia_manager\pia_manager.exe
    



These entries from the VPN are fine, but this is simply not a good method, as using temporary files can be flagged as malware off and on by most security software, including ours.


(http://www.ruby-lang.org/) C:\Users\jcleek\AppData\Local\Temp\ocrACDA.tmp\bin\rubyw.exe

(AgileBits) D:\Program Files (x86)\1Password 4\Agile1pAgent.exe
() C:\Program Files\pia_manager\pia_manager.exe

(http://www.ruby-lang.org/) C:\Users\jcleek\AppData\Local\Temp\ocr6D5B.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe


This error is not good and needs to be corrected; or reboot a couple of times, recheck the Event Logs, and make sure it's not an ongoing issue.

Error: (10/23/2014 04:02:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


The Event Logs show that your computer is having some issues. Some appear to probably be related to the VPN you're using, possibly.

 

Error: (10/20/2014 06:33:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing.
Windows closed the program stg MFC Application because of this error.
Program: stg MFC Application
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
    - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C00000C4
Disk type: 0

Error: (10/20/2014 06:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: stg.exe, version: 1.4.5.0, time stamp: 0x3a9fb58f
Faulting module name: stg.exe, version: 1.4.5.0, time stamp: 0x3a9fb58f
Exception code: 0xc0000006
Fault offset: 0x0002f040
Faulting process id: 0x5b0
Faulting application start time: 0xstg.exe0
Faulting application path: stg.exe1
Faulting module path: stg.exe2
Report Id: stg.exe3
Faulting package full name: stg.exe4
Faulting package-relative application ID: stg.exe5

System errors:
=============

Error: (10/24/2014 07:20:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/23/2014 09:37:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/23/2014 06:44:34 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/22/2014 04:14:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/22/2014 02:58:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (10/22/2014 02:58:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/21/2014 08:25:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/21/2014 02:22:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/21/2014 03:16:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/20/2014 08:17:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Microsoft Office Sessions:
=========================

Error: (10/24/2014 02:24:38 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.ManifestC:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.Manifest2

Error: (10/24/2014 02:24:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (10/23/2014 04:02:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.

Error: (10/22/2014 09:16:55 AM) (Source: MsiInstaller) (EventID: 11925) (User: CIS)
Description: Product: Amazon Music Importer -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/22/2014 04:49:33 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.ManifestC:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.Manifest2

Error: (10/22/2014 04:49:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (10/21/2014 03:12:21 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.ManifestC:\Users\jcleek\AppData\Roaming\Outlook Appins\Rebuild Birthdays and Anniversaries 2.0\adxloader.dll.Manifest2

Error: (10/21/2014 03:12:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (10/20/2014 06:33:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: stg MFC ApplicationC00000C40

Error: (10/20/2014 06:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: stg.exe1.4.5.03a9fb58fstg.exe1.4.5.03a9fb58fc00000060002f0405b001cfebe1a56b7613\\ultraclassic\data\Software\SNMP Traffic Grapher\stg.exe\\ultraclassic\data\Software\SNMP Traffic Grapher\stg.exe1a730283-58a9-11e4-825d-0008ca831307
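Added example, not part of the original posts and not code from Malwarebytes or the FRST tool: a small Python parser for event-log entries in the format pasted above. It splits run-together entries on their "Error: (...)" headers, tallies them by source and event ID, and names the TLS alert code reported by Schannel event 4120. The sample input is constructed from entries quoted in the thread with descriptions shortened, and the alert names are taken from RFC 5246.

```python
import re
from collections import Counter
from datetime import datetime

# Header that precedes every entry; a paste may run entries together on one line.
HEADER = re.compile(
    r"Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: (?P<source>[^)]*)\) \(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)")
ALERT = re.compile(r"TLS protocol defined fatal error code is (\d+)")
# Certificate-related alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

def parse_events(dump):
    """Split a dump into one dict per entry, using each header as the boundary."""
    headers = list(HEADER.finditer(dump))
    events = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(dump)
        body = dump[m.end():end].strip()
        if body.startswith("Description:"):
            body = body[len("Description:"):].strip()
        alert = ALERT.search(body)
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"], "event_id": int(m["id"]), "user": m["user"],
            "description": body,
            "tls_alert": int(alert.group(1)) if alert else None})
    return events

def summarize(events):
    """Count entries per (source, event ID) and name the TLS alerts seen."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    alerts = Counter(TLS_ALERTS.get(e["tls_alert"], str(e["tls_alert"]))
                     for e in events if e["tls_alert"] is not None)
    return counts, alerts

# Constructed sample: three entries quoted in the thread, descriptions shortened.
SCHANNEL = ("(Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: A fatal "
            "alert was generated. The TLS protocol defined fatal error code is 43.")
SAMPLE = ("Error: (10/24/2014 07:20:33 PM) " + SCHANNEL +
          "Error: (10/23/2014 09:37:56 PM) " + SCHANNEL +
          "Error: (10/23/2014 04:02:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) "
          "(User: )Description: Cryptographic Services failed while processing the "
          "OnIdentity() call in the System Writer Object.")
if __name__ == "__main__":
    counts, alerts = summarize(parse_events(SAMPLE))
    for (source, event_id), n in counts.most_common():
        print(f"{n:3d}  {source} / {event_id}")
    print("TLS alerts:", dict(alerts))
```

Section banners such as "System errors:" that sit between entries end up at the tail of the preceding entry's description, since only the headers are used as boundaries.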

  • 1 month later...

We are running Malware Bytes 2.0.4.1028 deployed on about 20 PCs.  We also use Office 365 and have the exact symptoms described here.  Essentially, NSLOOKUP for outlook.office365.com gets blocked locally.  The request never makes it to our internal domain controller.  NSLOOKUP continues to function properly for all other tested domains.

 

outlook.office365.com is a CNAME for lb.geo.office365.com.  That name continues to resolve without issue.  It is a lookup specifically for outlook.office365.com that is being stopped right at the client PC.

 

This has occurred on nearly every PC in our office (20 of them), but does not happen systemically/concurrently.  Frequency-wise I'm getting about one report a day across the 20 PCs, but perhaps more issues are going unreported.  Individual PCs will fail to connect and users often don't realize until they see that they haven't gotten any emails or their sent messages are hanging in their outbox.

 

The only ways I've found to allow users to reconnect are:

  1. Have them reboot their PC.  Logging off and back in does not work, the PC must be rebooted.  OR
  2. Disable Malicious Website Protection.  This immediately causes NSLOOKUP to succeed and Outlook client to reconnect.

I can also send my diagnostic logs, but will it only be relevant to send WHILE the issue is occurring?  To be clear, after re-enabling the protection NSLOOKUP continues to be able to lookup outlook.office365.com, MBAM does not immediately block again.

 

This other user seemed to be having the same symptom: https://forums.malwarebytes.org/index.php?/topic/161172-issues-with-mbam/

 

Please advise what additional information may be needed, and if the log generation needs to be run while MBAM is blocking the NSLOOKUP or at any time?

 

Thanks,

Alex


Hello and welcome:

 

We are running Malware Bytes 2.0.4.1028 deployed on about 20 PCs.  We also use Office 365 and have the exact symptoms described here. 

 

Until AdvancedSetup returns....

 

The current version of MBAM for Business/Enterprise is version 1.75, not 2.0.4.1028.

Use of the consumer version in a business environment would be a EULA violation.

 

Moreover, this forum is geared primarily to home users running the consumer version on their personal computers.

 

So, I would suggest that you might want to open a ticket at the Business Help Desk >>HERE<<.

The dedicated business support team can assist you with your technical issues on all those endpoints, and they can assist you with obtaining the proper licensing.

If you already have a Business license, then that license entitles you to free support from that team. :)

 

Thanks very much,
