Microsoft Says a File Has a Virus

It seems like Microsoft has decided to flag the domain we use for media files as unsafe, putting up a big red screen telling people to proceed with caution.

After a thorough research, we have no reason to believe there's anything to it.

What to tell your customers

Tell them to either:

• Ignore the warning
• Turn off the SmartScreen Filter (see instructions here)
• Switch to another browser

Summary

We've reached out to Microsoft and not heard back. We have implemented security measures and scanned all hundreds of thousands of files using leading malware scanners, without finding anything suspicious.

At this point, I can't think of anything else to do to resolve this. It's ultimately under Microsoft's control, and they don't seem to be interested in cooperating at all.

If anyone has any good ideas or a contact at Microsoft, please get in touch and let us know!

The Details

The situation seems to be that someone has flagged one of the millions of files uploaded to Simplero as malicious. We have no idea which files it may be. We've reached out to Microsoft, but not heard back, so we're currently fighting blind.

We've scanned all the files with industry-standard virus and malware scanning software and not found anything suspicious at all. We'll also be restricting the types of files we allow people to upload, and we're going to restrict access to some of the files already uploaded.

Audios, videos, and images should be safe, as well as PDFs, office documents, and the like. Although I have heard cases of Word documents containing viruses in macros, so maybe we need to restrict those, too?

Again, since we don't know what we're looking for, and since us removing the offending file(s) may not have any immediate effect on the SmartScreen filter, it's difficult to know of what we're doing is working, and so we have to cast a bit of a wider net than would be necessary if we did have any information to go by.

It would seem to me that the right thing for Microsoft to do when this happens would be to contact the owner of the domain and let them know there's a problematic file. It would help users of other browsers, too, to get the file removed. Alas, that's not how Microsoft does business.