https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403464#M1909 <P>Hello,</P><P>I have detected a file that was flagged by our Cisco Endpoint protection.</P><P>File Name: Get-NewLocalAdmin.ps1</P><P>Detection: W32.CFAB3E3BCA-95.SBX.TG</P><P>SHA 256: cfab3e3bca1517a535358cef7b206c65abb02470495ac929ca7b3ee0cfe3fab8</P><P>It looks like it spread across a lot of our computers and servers but it was denied. I have put it under the blocked application list.</P><P>I also found another file called "Set-LocalAdmin.ps1"</P><P>They were created in the ProgramData folder and the folder was called _Automation</P><P>I would like any advice if possible!</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="File Detected.png" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263370i4B439CF3B6F7D4F3/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Location of File on End User.png" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263368i33487391D148B09A/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P> Wed, 31 Jan 2024 18:13:13 GMT Kelkar 2024-01-31T18:13:13Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403464#M1909 <P>Hello,</P><P>I have detected a file that was flagged by our Cisco Endpoint protection.</P><P>File Name: Get-NewLocalAdmin.ps1</P><P>Detection: W32.CFAB3E3BCA-95.SBX.TG</P><P>SHA 256: cfab3e3bca1517a535358cef7b206c65abb02470495ac929ca7b3ee0cfe3fab8</P><P>It looks like it spread across a lot of our computers and servers but it was denied. I have put it under the blocked application list.</P><P>I also found another file called "Set-LocalAdmin.ps1"</P><P>They were created in the ProgramData folder and the folder was called _Automation</P><P>I would like any advice if possible!</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="File Detected.png" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263370i4B439CF3B6F7D4F3/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Location of File on End User.png" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263368i33487391D148B09A/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P> Wed, 31 Jan 2024 18:13:13 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403464#M1909 Kelkar 2024-01-31T18:13:13Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403465#M1910 <DIV><SPAN>Have more than one layer of protection, like a good antivirus for example.</SPAN></DIV><DIV><SPAN> </SPAN></DIV><DIV><SPAN>Relying solely on the firewall does not guarantee good protection, nor does having a good antivirus.</SPAN></DIV><DIV><SPAN> </SPAN></DIV><DIV><SPAN>The best thing you can do is “educate” users, create anti-phishing campaigns, etc.</SPAN></DIV> Wed, 31 Jan 2024 18:25:53 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403465#M1910 aleabrahao 2024-01-31T18:25:53Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403466#M1911 <P>Hello,</P><P>Thank you for the feedback. It turns out the issue was from our MSP running a script without notifying me <SPAN class="lia-unicode-emoji" title=":expressionless_face:"><span class="lia-unicode-emoji" title=":expressionless_face:">😑</span></SPAN></P><P>Sorry for the trouble! </P> Wed, 31 Jan 2024 18:46:24 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file-detected/m-p/5403466#M1911 Kelkar 2024-01-31T18:46:24Z