Windows 10: Has anyone ever had a file from Microsoft.com get flagged as malicious? Is it safe?

Our firewall is identifying the file being downloaded from here 2.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f4612029?P1=1701954557&P2=404&P3=2&P4=McNpfOQj9mJNU0C3bPFht%2Brb6MQzXlXxM%2B6VlcZzMBgwIP8/k1abbXViSBH14culRunGhGVgsX7bgLiUEKCLKQ%3D%3D as being malicious. I have tried running the location and file through other malware tools for verification, but they come back as inconclusive. Based on my investigation, it appears that the traffic may be getting initiated though delivery optimization.

:)

 

OneDriveUpdateTask.exe being flagged as malicious

Hello, my PC is constantly executing the file "OneDriveUpdateTask.exe", which is creating temporary files that are being flagged as malicious by my antivirus software. I'm not sure if these are actually malicious or false flagged. Thank you for your time.

 

system32 DLLs flagged as malicious

I downloaded Autoruns to help me identify malware on my computer. My computer is experiencing incoming and outgoing connections to IPs that are flagged as malicious by Virustotal and/or AbuseIPDB. In addition to dropped connections.

Initially 14 microsoft files were flagged as malicious by Virustotal.

Msiexec.exe. Trojan.generic.c1.70. sangfor engine zero.

ipsecsvc.dll.malicious

Rasmans.dll. malicious. SecureAge

Scardsvr.dll. malicious

Schedsvc.dll.malicious

Sessenv.dll. malicious

umrdp.dll. malicious

Workfoldersshell.dll. malicious

gatherNetworkInfo.vbs. McAfee-GW-edition. BehavesLike.VBS.backdoor.mp.

Appxdeploymentservrr.dll. malicious

Bcastdvruserservice.dll. malicious

dcsvc.dll. malicious

ngccredprov.dll. malicious

Updatepolicy.dll. malicious

Here is the interesting part. I did a reformat and windows 10 pro 21H2 install. 9 of the above had no detections post install. gathernetworkinfo.vbc, ipsecsvc.dll, ngccredprov.dll were malicious. Three new dlls were flagged: installservicetasks.fll, smsroutersvc.dll, & xblauthmanager.dll. dcsvc.dll disappeared. I forgot to check updatepolicy.dll. I thought this is great progress. I discovered 21H2 19044.1288 was

not the latest so I upgraded in place to 22H2. I thought after this upgrade there would be no more detections.

After updates my current version is 22H2 19045.3208. Here is the bad news. 9 dlls that had no detections now have detections. Sessenv.dll still has no detection. Smsroutersvc.dll, xblauthmanager.dll, and installservicetasks.dll no longer have any detections. Updatepolicy.dll has no detection. Gathernetworkinfo.vbs , ipsecsvc.dll, and ngccredprov.dll still have detections. These results seem to rule out false positive.

I need clean versions of the dlls. There may be more dlls that are malicious.

I downloaded from www.microsoft.com/en-us/software-download/windows10

Thanks

 

13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

It makes me think that Microsoft should just patch the OS itself to prevent all .bios files from being flashed w/o 2-step authentication first to safe guard against these malicious attacks. Something that important should be better guarded against for these kinds of exploits.