Jump to content

One Drive - Azure showing compromised


Recommended Posts

Is this a legitimate threat?


-Software Information-
Components Version: 1.0.2249
Update Package Version: 1.0.80939
License: Premium

-System Information-
OS: Windows 11 (Build 22631.3155)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Microsoft OneDrive\OneDrive.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Compromised
Domain: onedscolprdcus06.centralus.cloudapp.azure.com
IP Address:
Port: 443
Type: Outbound
File: C:\Program Files\Microsoft OneDrive\OneDrive.exe


Link to post
Share on other sites

Im seeing lots of these blocks also....


  • Location: onedscolprdcus06.centralus.cloudapp.azure.com(
  • Policy name: Desktop Policy - USB SCANNING ENABLED
  • Process name: C:\Windows\System32\svchost.exe
  • Report time: February 14th 2024, 22:03:53 UTC
  • Scan time: February 14th 2024, 22:03:52 UTC
  • Action taken: Blocked
  • Threat name: Compromised

Type: OutboundConnection

Link to post
Share on other sites

In my case it was reported that svchost.exe triggered the action.
Since there will be multiple instances of svchost on a Windows machine, where multiple services are tied to any one svchost instances, it would be helpful if more information is provided in such cases.  At least provide the PID, but better yet provide the service or DLL that triggered it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.