dabuggin1 Posted February 14 ID:1617595 Share Posted February 14 Is this a legitimate threat? -Software Information- Version: 4.6.8.311 Components Version: 1.0.2249 Update Package Version: 1.0.80939 License: Premium -System Information- OS: Windows 11 (Build 22631.3155) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Microsoft OneDrive\OneDrive.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Compromised Domain: onedscolprdcus06.centralus.cloudapp.azure.com IP Address: 13.89.179.8 Port: 443 Type: Outbound File: C:\Program Files\Microsoft OneDrive\OneDrive.exe (end) Link to post Share on other sites More sharing options...
TonyCummins Posted February 14 ID:1617599 Share Posted February 14 Im seeing lots of these blocks also.... Location: onedscolprdcus06.centralus.cloudapp.azure.com(13.89.179.8:443) Policy name: Desktop Policy - USB SCANNING ENABLED Process name: C:\Windows\System32\svchost.exe Report time: February 14th 2024, 22:03:53 UTC Scan time: February 14th 2024, 22:03:52 UTC Action taken: Blocked Threat name: Compromised Type: OutboundConnection Link to post Share on other sites More sharing options...
itlifesaver Posted February 14 ID:1617600 Share Posted February 14 (edited) We're getting bombarded with tickets from end users on this detection. Is Microsoft legitly compromised?! Edited February 14 by itlifesaver Link to post Share on other sites More sharing options...
DerekWK Posted February 14 ID:1617601 Share Posted February 14 Looks like they have resolved this, as I have not received Threat Detection notifications for the last 10 minutes now. Link to post Share on other sites More sharing options...
Staff shadowwar Posted February 14 Staff ID:1617604 Share Posted February 14 It has been resolved. 1 3 Link to post Share on other sites More sharing options...
danman32 Posted February 15 ID:1617734 Share Posted February 15 Resolved in what way? Where this was a legitimate threat but MS corrected the issue or This was a false report and MB fixed the detection algorithm? or something else? Link to post Share on other sites More sharing options...
danman32 Posted February 15 ID:1617736 Share Posted February 15 In my case it was reported that svchost.exe triggered the action. Since there will be multiple instances of svchost on a Windows machine, where multiple services are tied to any one svchost instances, it would be helpful if more information is provided in such cases. At least provide the PID, but better yet provide the service or DLL that triggered it. Link to post Share on other sites More sharing options...
Porthos Posted February 15 ID:1617765 Share Posted February 15 3 hours ago, danman32 said: This was a false report and MB fixed the detection algorithm? This, it was a Malwarebytes false positive block. Link to post Share on other sites More sharing options...
as2023 Posted February 15 ID:1617814 Share Posted February 15 Check out this IP address 13.89.179.8 in the Virus Total graph. Shows lots of malware files associated to it. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now