PDF "Contains a Virus" when downloading via MS Edge

Question

PDF "Contains a Virus" when downloading via MS Edge

kavdev opened this issue 7 years ago · comments

Alexander Kavanaugh commented 7 years ago

Description

MS Edge flags the PDF as a virus:

Browser Details:
Microsoft Edge 41.16241.1001.0
Microsoft EdgeHTML 16.16241

OS Details:
Windows 10 Pro Insider Preview
Build 16241.rs_prerelease.170708-1800

No issues using Chrome latest.

Alexander Kavanaugh · Answer 1 · Thu Jul 20 2017 05:29:16 GMT+0800 (China Standard Time)

See also Insider Feedback (includes monitoring report): https://aka.ms/V2ecat

Daniel Roy Greenfeld · Answer 2 · Thu Jul 20 2017 05:31:50 GMT+0800 (China Standard Time)

Thanks for posting this here @kavdev. Steps I've taken so far:

Checked on our own Windows laptop, which runs MS Edge 40.1528 (older). It does not register a virus. We tried updating the MS Edge, but Windows claims its up-to-date.
Checked the laptops that generate the PDFs for viruses. They are running 10.10.5 OS.
Checked to see if Xelatex, which generates the PDF, is rumored to have a virus.

I wonder if it's a false positive, but not being a security expert, I just don't know.

Bartek Ogryczak · Answer 3 · Thu Jul 20 2017 05:40:24 GMT+0800 (China Standard Time)

@kavdev your computer is infected with ZeroAccess trojan.
see https://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

Alexander Kavanaugh · Answer 4 · Thu Jul 20 2017 06:11:05 GMT+0800 (China Standard Time)

I'm pretty sure it's just a bug in the latest Edge. They just added some "security features".

@vartec I'm fairly sure that's not it, but I'll run a scan.

Bartek Ogryczak · Answer 5 · Thu Jul 20 2017 07:06:03 GMT+0800 (China Standard Time)

@kavdev I'd expect a legitimate warning from Windows Defender to look more like this:

Eric Lawrence · Answer 6 · Thu Jul 20 2017 08:22:10 GMT+0800 (China Standard Time)

Historically, this alert was shown when an IOfficeAntivirus::Scan implementor returned E_FAIL.

When you say "No issues with Chrome latest" are you including File Download (not just display)? I ask because Chrome also calls the IOAV::Scan method, so you should generally expect to see the same outcome there.

Other possibilities include Edge using a newer interface (the Antimalware Scan Interface); Chrome doesn't use that one, or there's simply a bug in Edge.

Alexander Kavanaugh · Answer 7 · Thu Jul 20 2017 13:14:47 GMT+0800 (China Standard Time)

@vartec I did a full scan with nod32; no dice.

When you say "No issues with Chrome latest" are you including File Download (not just display)? I ask because Chrome also calls the IOAV::Scan method, so you should generally expect to see the same outcome there.

Yep, downloaded and all.

Daniel Roy Greenfeld · Answer 8 · Tue Jul 25 2017 05:46:18 GMT+0800 (China Standard Time)

Closing this as I think it is an isolated issue with experimental Microsoft software. We'll reopen it if that turns out not to be the case.