Author Topic: Office365 Autodiscover.xml blocked  (Read 2852 times)

0 Members and 1 Guest are viewing this topic.

Offline randy_randy

  • Newbie
  • *
  • Posts: 10
Office365 Autodiscover.xml blocked
« on: September 11, 2013, 04:44:32 PM »
We have Office365 online services for Exchange.  This morning, one user is being block from connecting.
I don't know why it is just the one but assume it will migrate to the others too.

MALICIOUS URL BLOCKED
Object: http://autodiscover.<mydomain>.onmicrosoft.com/autodiscover/autodiscover.xml
Invection: URL:Mal
Process: c:\program files\Microsoft Office\Office14\Outlook.exe

I reported as a false positive in the pop-up alert, but need a faster solution than "in the next update"
I know how to mark an executable as safe but how do I do the same for a URL ?
Or is there a different/better way to get this going?


Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 1816
Re: Office365 Autodiscover.xml blocked
« Reply #1 on: September 12, 2013, 08:23:26 AM »
Hello,
post the whole URL (without "http://"), please.

Milos

Offline randy_randy

  • Newbie
  • *
  • Posts: 10
Re: Office365 Autodiscover.xml blocked
« Reply #2 on: September 12, 2013, 05:22:41 PM »
Support confirmed that this was a false positive and the definition files were subsequently updated. 

Yesterday I was able to turn off the Network Shield for all users via the Admin console by editing the group settings.  This allowed the clients to maintain their connection to Office365 servers. 

Now that the definitions are updated I turned the Network Shield back on again via the console (also had to hit the start services button on that screen).  Connection to Office365 was maintained so all looks good again.

Offline Thom_NCC

  • Newbie
  • *
  • Posts: 3
Re: Office365 Autodiscover.xml blocked
« Reply #3 on: October 16, 2017, 09:39:36 PM »
We are having the same issue for the last week.  It started all of a sudden with the latest Avast update.  Please help, it's driving my users crazy.

We've safely aborted connection on autodiscover.necare.onmicrosoft.com because it was infected with URL:MAL

Threat Name:  URL:MAL
Severity (first third of graph)
URL:  http://autodiscover.necare.onmicrosoft.com/autodiscover/autodiscover.xml
Process:  C:\Program Files (x86)\Microsoft Office\root\Office16\Outlook.exe
Detected by:  Web Shield
Status:  Connection aborted

Offline Asyn

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 49533
  • Merry Christmas..!!
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Office365 Autodiscover.xml blocked
« Reply #4 on: October 17, 2017, 04:58:28 AM »
You can report a URL here: https://www.avast.com/report-a-url.php
Win 8.1 [x64] - Avast Premier 17.9.2321.Beta#3 - CC 5.38 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.5.2 [NS5/uBO] - Thunderbird 52.5 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Thom_NCC

  • Newbie
  • *
  • Posts: 3
Re: Office365 Autodiscover.xml blocked
« Reply #5 on: October 17, 2017, 04:28:28 PM »
I have reported it twice in the last seven days to no result.
I have called the support phone number as well.  And after waiting on hold for 45 minutes hung up.  They wanted to "remote in" to my laptop, which makes no sense.  The problem isn't on my laptop.  The problem is with the autodiscover file that Office365 online uses for Exchange.  They couldn't get that through their outsourced heads.  So I waited for, as I said, 45 minutes while they had issues with "gotoassist".  I hung up when I hadn't heard back from the girl on the other end for over 15 minutes.

So yeah... so much for support.  We've been a customer for many years.  When we have an issue, it takes over a week to get results.  I'm not a happy customer at this point.

Offline Thom_NCC

  • Newbie
  • *
  • Posts: 3
Re: Office365 Autodiscover.xml blocked
« Reply #6 on: October 18, 2017, 06:17:40 PM »
I finally got a reply from my false positive submissions.  No explanation was given, however, as to what the actual issue is.  I still think the redirects that the autodiscover.xml file uses to find the closest Microsoft server(s) is falsely being detected as malware.  At least it's fixed and my users aren't being blasted with Avast warnings.

An email they sent reads:

Hello,

Thank you for contacting Avast.

Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.

We are sorry for the inconvenience. If you have any further questions, don't hesitate to contact me again.

Best Regards,
(name hidden)
The Avast Support Team

Offline Asyn

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 49533
  • Merry Christmas..!!
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Office365 Autodiscover.xml blocked
« Reply #7 on: October 19, 2017, 09:13:14 AM »
Thanks for the feedback.
Win 8.1 [x64] - Avast Premier 17.9.2321.Beta#3 - CC 5.38 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.5.2 [NS5/uBO] - Thunderbird 52.5 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos): https://forum.avast.com/index.php?topic=60523.0