About the time I installed this v3.74... update, Microsoft Teams has begun to flag the SCORM packages being produced, saying Teams has detected Malware and features are disabled. Has anyone else seen this?
I understand you are having an issue with your SCORM packages triggering malware detection. I'm sorry you're running into this snag! I have opened a support case on your behalf. You may have seen the support email that was sent. Our support engineers will be in contact soon to help you through this issue.
I am having the same issue today with 1 of 6 files I saved to MS Teams for our LMS team to use. They were all published exactly the same way, but 1 is causing the "Malware detected" error.
I'm seeing the same issue with some of the scorm files on Microsoft Teams - Malware Detected. Some Commands are Disabled. What was the outcome of this conversation since that would apply to my files as well?
Great question! I understand that Microsoft Teams is detecting malware in your SCORM files. I see you've opened a support case and are working with Mick. You are in good hands! If you have any questions about the case, please respond within the case via email.
I can’t upload material to an external site so shared with you to check. Can you pls check the package I sent yesterday and confirm if it is safe or not.
I am having the same issue with some, but not all, of the files I package being flagged as malware on my client's SharePoint. When I open the URLs directly, they claim to be infected with "Phish_Gen_TiRanosBlocker_Gen#". I have scanned them multiple times and am 99% sure it is a false positive, but if there is a way I can help the Articulate team pinpoint what exactly is causing this flag, I'd be happy to help. Sadly, simply telling my client "it's a false pos" won't help; I'm currently reverting back to an older version of Storyline to try and see if that helps.
[edit] Reverting to 3.73 did not help either. I have opened a case to try and get to the bottom of this.
Good call on opening a support case! I can see that my colleague JC has already assisted you on the issue. If you have any additional questions or inquiries, please let us know through the case and we'll be glad to help!
I see that you've connected with my teammate, John Carlo. He reported that tests using metadefender.com confirm that this is indeed a false-positive alert. Articulate has no control over it since it's only specific to SharePoint. John Carlo also suggested reaching out to SharePoint support, who can better help with SharePoint-specific issues.
Please feel free to reply to the email in your support case, but I'm happy to assist further as needed!
My colleague and I, along with our client, are experiencing this issue. Our SCORM packages are being flagged as malware by Microsoft Teams and SharePoint.
Has anyone found a solution or workaround for this issue? Any advice or suggestions would be greatly appreciated.
Has there been any resolution to this? We encountered the same issue today with Sharepoint. Our IT department is seeing an error, Phish_Gen_TiRanosBlocker_Gen#.
We've identified that the behavior might be a false-positive flag that's happening on Sharepoint's end. You can check out my colleague Eric's response here for a test that you can do to confirm if your published output does indeed contain any malware.
Following as we are getting the same error re "Phish_Gen_TiRanosBlocker_Gen#". Seems to be a pattern around Teams based zip file supply. I dont know what/how the system is seeing this file bc when I run a search and virus check on this file, there is no such item.
Given other posts I've seen, this looks to be another Microsoft false positive recognising it as "Phish_Gen_TiRanosBlocker_Gen#" but is prob something else entirely unremarkable (not a virus).
Sorry for any confusion! I've gone ahead and re-inserted the link, so it should be working accurately. If you're still having trouble, please let me know.
Hi Support, We are seeing this storyline course package being seen as Malware on our clients Sharepoint.
The following error appears:
"contains the following: "Phish_Gen_TiRanosBlocker_Gen#".
Cannot open the file at this time. For more information, contact your administrator."
We are using version September 5, 2023 (Build 3.79.30921.0).
Please advise if this can be fixed on Storyline's end as it must be something that was introduced into the packaged output to cause this as it was not happening when were publishing using the version: February 28, 2023 (Build 3.73.29904.0)
This is a high priority fix as we can't simply go to the client and say it's your SharePoint that has the problem and not the file.
If an antivirus program has outdated definitions, it may mistakenly classify a legitimate file as a false positive, which is most likely what is happening here. Another common reason for false positives is heuristic detection, which identifies potential threats based on behavioral patterns. This approach can occasionally flag legitimate files that exhibit behaviors similar to malware.
One test that you can do to confirm that your Storyline 360 course is malware free is to test using the following sites:
If both websites confirm that the published output is malware free, then you can share this result with your client. From here, they can update their virus definitions to include the file that was falsely being flagged as malicious.
33 Replies
I have seen issues with cloud storage and other than storage issues. We never do any storage on TEAMS.
This post was removed by the author
Hi Craig,
I understand you are having an issue with your SCORM packages triggering malware detection. I'm sorry you're running into this snag! I have opened a support case on your behalf. You may have seen the support email that was sent. Our support engineers will be in contact soon to help you through this issue.
Thanks for reaching out!
I am having the same issue today with 1 of 6 files I saved to MS Teams for our LMS team to use. They were all published exactly the same way, but 1 is causing the "Malware detected" error.
what is the result if you check "Code of Conduct - Resources.zip" on VirusTotal
No security concerns identified
then it's a false positive result on MS Teams - Microsoft or your Admin has to fix this problem
Hi,
I'm seeing the same issue with some of the scorm files on Microsoft Teams - Malware Detected. Some Commands are Disabled. What was the outcome of this conversation since that would apply to my files as well?
Hi Naresh,
Great question! I understand that Microsoft Teams is detecting malware in your SCORM files. I see you've opened a support case and are working with Mick. You are in good hands! If you have any questions about the case, please respond within the case via email.
Thanks for reaching out!
you could test you Scorm files on VirusTotal (Chronicle Security, a subsidiary of Google)
if none of the 70 or so different virus scanners report a virus, then it is a problem of Teams and can only be solved there
Interesting thread. I started seeing Malware issues in SharePoint/Teams too. But only with Quiz files - not the other files I created.
And how does VirusTotally evaluate the files?
Hi,
I can’t upload material to an external site so shared with you to check. Can you pls check the package I sent yesterday and confirm if it is safe or not.
Regards,
Naresh
I am having the same issue with some, but not all, of the files I package being flagged as malware on my client's SharePoint. When I open the URLs directly, they claim to be infected with "Phish_Gen_TiRanosBlocker_Gen#". I have scanned them multiple times and am 99% sure it is a false positive, but if there is a way I can help the Articulate team pinpoint what exactly is causing this flag, I'd be happy to help. Sadly, simply telling my client "it's a false pos" won't help; I'm currently reverting back to an older version of Storyline to try and see if that helps.
[edit] Reverting to 3.73 did not help either. I have opened a case to try and get to the bottom of this.
Hello Melissa,
Good call on opening a support case! I can see that my colleague JC has already assisted you on the issue. If you have any additional questions or inquiries, please let us know through the case and we'll be glad to help!
Hi Melissa,
Thanks for reporting this!
I see that you've connected with my teammate, John Carlo. He reported that tests using metadefender.com confirm that this is indeed a false-positive alert. Articulate has no control over it since it's only specific to SharePoint. John Carlo also suggested reaching out to SharePoint support, who can better help with SharePoint-specific issues.
Please feel free to reply to the email in your support case, but I'm happy to assist further as needed!
Hello Community,
My colleague and I, along with our client, are experiencing this issue. Our SCORM packages are being flagged as malware by Microsoft Teams and SharePoint.
Has anyone found a solution or workaround for this issue? Any advice or suggestions would be greatly appreciated.
Thank you in advance for your help.
Has there been any resolution to this? We encountered the same issue today with Sharepoint. Our IT department is seeing an error, Phish_Gen_TiRanosBlocker_Gen#.
Hi Kim,
Happy to help!
We've identified that the behavior might be a false-positive flag that's happening on Sharepoint's end. You can check out my colleague Eric's response here for a test that you can do to confirm if your published output does indeed contain any malware.
Feel free to open a case with our support team here if you'd like us to dig deeper into the behavior you're experiencing.
Following as we are getting the same error re "Phish_Gen_TiRanosBlocker_Gen#". Seems to be a pattern around Teams based zip file supply. I dont know what/how the system is seeing this file bc when I run a search and virus check on this file, there is no such item.
Given other posts I've seen, this looks to be another Microsoft false positive recognising it as "Phish_Gen_TiRanosBlocker_Gen#" but is prob something else entirely unremarkable (not a virus).
Hi Mata,
Thanks so much for sharing what you're experiencing in this thread! If you haven't already, I recommend checking out our colleague Eric's response earlier in this thread.
If you'd like, feel free to open a support case so we can investigate the behavior on your end!
Have a great start to your week! ✨
Hi Luciana, that link took me to the generic https://community.articulate.com/ page. Can you resupply a link.
Hi Mata,
Sorry for any confusion! I've gone ahead and re-inserted the link, so it should be working accurately. If you're still having trouble, please let me know.
Have a great start to your day!
Hi Support, We are seeing this storyline course package being seen as Malware on our clients Sharepoint.
The following error appears:
"contains the following: "Phish_Gen_TiRanosBlocker_Gen#".
Cannot open the file at this time. For more information, contact your administrator."
We are using version September 5, 2023 (Build 3.79.30921.0).
Please advise if this can be fixed on Storyline's end as it must be something that was introduced into the packaged output to cause this as it was not happening when were publishing using the version: February 28, 2023 (Build 3.73.29904.0)
This is a high priority fix as we can't simply go to the client and say it's your SharePoint that has the problem and not the file.
Kind regards,
Samuel @BSI Digital
Hi Samuel,
Happy to chime in!
If an antivirus program has outdated definitions, it may mistakenly classify a legitimate file as a false positive, which is most likely what is happening here. Another common reason for false positives is heuristic detection, which identifies potential threats based on behavioral patterns. This approach can occasionally flag legitimate files that exhibit behaviors similar to malware.
One test that you can do to confirm that your Storyline 360 course is malware free is to test using the following sites:
If both websites confirm that the published output is malware free, then you can share this result with your client. From here, they can update their virus definitions to include the file that was falsely being flagged as malicious.
Let me know if you have any questions!