I have seen a couple instances of a suspicious session alert that references a second session for a user a few minutes after a normal login. The first session shows the user’s normal location, and the second session (in two alert instances) shows this:Registrant Microsoft Azure Location Singapore, SG Host Name unknown User Agent MSOCS Service Name Box for Microsoft Office (Desktop) This looks like a session that may be created by the Box for Msft Office function, but the fact that Box Shield is flagging it as a suspicious session makes me wonder. Has anyone else seen this type of alert, and determined whether it is innocuous or malicious?

Suspicious Session Alert

I have seen a couple instances of a suspicious session alert that references a second session for a user a few minutes after a normal login. The first session shows the user’s normal location, and the second session (in two alert instances) shows this:

Registrant	Microsoft Azure
Location	Singapore, SG
Host Name	unknown
User Agent	MSOCS
Service Name	Box for Microsoft Office (Desktop)

This looks like a session that may be created by the Box for Msft Office function, but the fact that Box Shield is flagging it as a suspicious session makes me wonder. Has anyone else seen this type of alert, and determined whether it is innocuous or malicious?

Page 1 / 1

Hi @bbryan,

Welcome to Box Community, and we’ll help review session alert.

To further assist, I’ve submitted a new case and someone from Box Product Support team will reach out to you through email. Please keep an eye out and we will be in touch.

Thanks for posting, and we hope to get this sorted out very soon.

Thank you, Rona. Will have an eye out for the followup.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded