Web Protection blocks access to a Microsoft site

Good morning,
from today after I start the PC Avast Free detects this malicious url and the connection is blocked by the web protection in svchost.exe

Do you think it could be a false positive or a real malware process?

It could be a false positive but seeing as it’s coming from svchost.exe and not from an actual browser, it suggests it’s something on your computer using Svchost and trying to connect online. Were you using a Microsoft product at the time or on a Microsoft-related website? It could be a Microsoft product trying to make a connection to an online host somewhere and Avast flagged it.

I also googled ‘oneocsp’ from the URL and this reddit thread from less than 24 hours ago regarding AVG flagging the same thing came up as the first result.

https://www.reddit.com/r/antivirus/comments/1e7ma41/oneocspmicrosoftcom_being_flagged_by_avg_randomly/?rdt=60693

I would just run the typical scans (Quick scan at minimum, maybe a full scan and/or a Malwarebytes scan) to be sure. If nothing comes up, you’re probably fine.

Whilst it isn’t unusual to see svchost.exe misused by malware to get outbound connection. However this going to a Microsoft location would appear legit.

I was wondering if this might be an invalid site certificate that we have seen in the forum before. Now I don’t know if this threw up the same alert or just invalid certificate or not.

So I did a search on - oneocsp.microsoft.com/ocsp to see what that threw up - https://www.google.co.uk/search?q=oneocsp.microsoft.com%252Focsp
There are some that are certificate related and the Azure product (are you using that) “Azure App Service” and others.

Thanks for the support which I greatly appreciated. :slight_smile:
It was probably the connection attempt of my Microsoft account on the PC that had disconnected or something that was left in the browser cache, but I think it’s more the first hypothesis.
After clearing the browser cache and logging in to the PC’s Microsoft account, no pop-ups appeared anymore.
However, from scans done with Avast and second opinion the PC is clean.

You’re welcome.