Forum Discussion

CraigBunyea-23d's avatar
CraigBunyea-23d
Community Member
2 years ago

Storyline v3.74.30180.0 course packaging infected with Malware?

About the time I installed this v3.74... update, Microsoft Teams has begun to flag the SCORM packages being produced, saying Teams has detected Malware and features are disabled.
Has anyone else seen this?

  • KimAudinet's avatar
    KimAudinet
    Community Member

    Has there been any resolution to this?  We encountered the same issue today with Sharepoint.  Our IT department is seeing an error, Phish_Gen_TiRanosBlocker_Gen#. 

     

  • Following as we are getting the same error re "Phish_Gen_TiRanosBlocker_Gen#". Seems to be a pattern around Teams based zip file supply. I dont know what/how the system is seeing this file bc when I run a search and virus check on this file, there is no such item. 

    Given other posts I've seen, this looks to be another Microsoft false positive recognising it as "Phish_Gen_TiRanosBlocker_Gen#" but is prob something else entirely unremarkable (not a virus).

  • Hi Mata, 

    Sorry for any confusion! I've gone ahead and re-inserted the link, so it should be working accurately. If you're still having trouble, please let me know. 

    Have a great start to your day! 

  • Hi Support, We are seeing this storyline course package being seen as Malware on our clients Sharepoint.

    The following error appears:

    "contains the following: "Phish_Gen_TiRanosBlocker_Gen#".

    Cannot open the file at this time. For more information, contact your administrator."

    We are using version September 5, 2023 (Build 3.79.30921.0).

    Please advise if this can be fixed on Storyline's end as it must be something that was introduced into the packaged output to cause this as it was not happening when were publishing using the version: February 28, 2023 (Build 3.73.29904.0)

    This is a high priority fix as we can't simply go to the client and say it's your SharePoint that has the problem and not the file. 

    Kind regards,

    Samuel @BSI Digital

     

     

    • JoseTansengco's avatar
      JoseTansengco
      Staff

      Hi Samuel, 

      Happy to chime in!

      If an antivirus program has outdated definitions, it may mistakenly classify a legitimate file as a false positive, which is most likely what is happening here. Another common reason for false positives is heuristic detection, which identifies potential threats based on behavioral patterns. This approach can occasionally flag legitimate files that exhibit behaviors similar to malware.

      One test that you can do to confirm that your Storyline 360 course is malware free is to test using the following sites: 

      If both websites confirm that the published output is malware free, then you can share this result with your client. From here, they can update their virus definitions to include the file that was falsely being flagged as malicious. 

      Let me know if you have any questions!

      • eLearningTeam-6's avatar
        eLearningTeam-6
        Community Member

        The issue went away magically and now it has happened again. We can confirm that there is no virus or malware present in the zip file that was uploaded onto SharePoint. The issue is that it doesn't affect all files that we upload and only random ones. It is a very annoying issue as this issue was not present in past Storyline published files.

  • Is there any further information on this issue? My client receives virus warnings on all of my quiz files that I upload to Teams. I have checked my files in the malware sites and there is no issue with them. However, my client will not download the files. I submitted a case this summer with Articulate and they were not able to help me. Thanks.

    • JoseTansengco's avatar
      JoseTansengco
      Staff

      Hello Maggie, 

      Good call on opening a support case! A supper engineer will be in touch shortly to investigate why your files are being tagged as malicious. In the mean time, you can check out my response here which contains links to some tools that you can use to confirm that your files are malware free. You can provide the results from those tests to your client to let them know that what they're seeing is most likely a false positive, and that they'll need to update their virus definitions to correct the behavior.

  • Its a microsoft thing! Security issue... there's aaaalways security issues with MS...
    There's nothing wrong with the files themselves (tested in scormcloud). 
    We keep supplying the files on our sharepoint to our LMS and they work fine even though MS says they're dubious.

    • PhillipLough233's avatar
      PhillipLough233
      Community Member

      Interesting, and not surprising. It seems to have just started happening with us on Sharepoint.

      Unfortunately, our corporate policies lock the folder and keep us from sending to the LMS for publication. That also keeps me from being able to download and scan.

  • AdamFoulkes's avatar
    AdamFoulkes
    Community Member

    We have this issue too.
    I have asked our IT team to take a look at this for us. He has been in contact with Microsoft and here is their response:

    Thank you for sharing the detected file.

    I’ve ran a scan with an internal tool and the file seems to be detected by external entities.

    This means, as we’ve discussed in our call, that the application vendor should work internally to find if there were any changes in the signatures or keys that are causing this detection.

    From Microsoft’s side there isn’t much we can do other than help the app vendor identify the issue but, only in case they use Microsoft’s security products. Otherwise, they must try to solve the issue alone or with their security product providers.

    Unfortunately, this is as far as we can help you at this time, regarding this issue.

    Articulate devs - please help us as this is causing more work for us to get SCORM files loaded onto our LMS as we use MS Teams to circulate them.

    Thanks in advance,

    Adam

    • StevenBenassi's avatar
      StevenBenassi
      Staff

      Hi Adam!

      Sorry to hear you've also been affected by this behavior!

      Thank you for sharing the detailed feedback. I've opened a support case on your behalf so our support engineers can look into this issue further. You're in excellent hands troubleshooting with them, and they should be reaching out to you shortly!

      We can continue the conversation through your case to help keep all information in one spot.

  • KevanNorr's avatar
    KevanNorr
    Community Member

    I've been posting Storyline files to Teams/Sharepoint for about the past 4 years and today I got a message from our Security outfit telling me that a file got the dreaded "contains the following: "Phish_Gen_TiRanosBlocker_Gen#" virus. Has anything been found out or resolved about this issue? I tested the file on the 2 websites suggested above with no malware found. I also used Malware Bytes and Windows Defender and neither of those things found anything on my computer or in that file. I'm not sure what to do to get this file on Teams.

    • JoseTansengco's avatar
      JoseTansengco
      Staff

      Hi Kevan,

      Happy to chime in! 

      If Windows Defender and other anti-malware software are not detecting any issues with your published output, that most likely means there's a configuration in your Microsoft Teams settings that needs to be changed to prevent this false positive from being reported by your system.

      Since the behavior is specific to Microsoft Teams, and Articulate has no control over this platform and how it detects malware, I suggest raising this concern with Microsoft Teams support as they will be more equipped than us to address platform-specific issues. Feel free to open a case with our support team here if Microsoft Teams support requires any additional information to modify this behavior on their end.