https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3750747#M227 <P>Global&nbsp;passing is what I'm interested in because I'm not a Cisco customer. I'm the&nbsp;creator of the file that is being flagged.</P> <P>How would I go about opening a TAC case?</P> <P>&nbsp;</P> <P>Aside from&nbsp;focusing on a specific file, is there a way to submit a signature to Cisco so that any file signed with that signature can pass as not malicious?</P> Wed, 21 Nov 2018 13:54:34 GMT tyler.johnson 2018-11-21T13:54:34Z https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3749432#M225 <P>We have a downloadable executable that is being flagged.&nbsp;It is a signed Windows executable. Is it possible to register with Cisco as a whitelisted vendor so that executables with our signature don't trigger false positives? Is there any other option to prevent&nbsp;alarming the end user?</P> Fri, 21 Feb 2020 05:06:57 GMT https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3749432#M225 tyler.johnson 2020-02-21T05:06:57Z https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3750611#M226 <P>Hi</P> <P>&nbsp;</P> <P>You can add the SHA value of that to whitelist in your policy. If you believe the file is not malicious at all and should not be marked malicious globally, please open TAC case to request for FP analysis.</P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>Yogesh</P> Wed, 21 Nov 2018 10:43:49 GMT https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3750611#M226 yogdhanu 2018-11-21T10:43:49Z https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3750747#M227 <P>Global&nbsp;passing is what I'm interested in because I'm not a Cisco customer. I'm the&nbsp;creator of the file that is being flagged.</P> <P>How would I go about opening a TAC case?</P> <P>&nbsp;</P> <P>Aside from&nbsp;focusing on a specific file, is there a way to submit a signature to Cisco so that any file signed with that signature can pass as not malicious?</P> Wed, 21 Nov 2018 13:54:34 GMT https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3750747#M227 tyler.johnson 2018-11-21T13:54:34Z https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3751307#M228 <P>Hello Tyler</P> <P>&nbsp;</P> <P>&nbsp;If you think the file is not malicious then you can add it to the whitelist option and you can allow this file in your environment. But if you are looking for a global passing, then Cisco TALOS will have to review the file and update the disposition only if the file is not malicious or not showing any high threat score. If the file is not showing any malicious behaviour then TALOS will do the needful. As an initial step you can open the case with Cisco TAC and they will involve the TALOS team to verify the same. Please provide the file sample&nbsp;along with the&nbsp;sha value while opening the case with Cisco TAC.</P> <P>&nbsp;</P> <P>Regards</P> <P>Jetsy&nbsp;</P> <P>&nbsp;</P> Thu, 22 Nov 2018 09:10:28 GMT https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3751307#M228 Jetsy Mathew 2018-11-22T09:10:28Z https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3751388#M229 <P>How do I open a case with Cisco TAC?&nbsp;</P> <P>I tried calling Cisco support on the phone and they wouldn't help since I'm not a Cisco customer.</P> Thu, 22 Nov 2018 12:28:20 GMT https://community.cisco.com/t5/endpoint-security/false-positives-from-cisco-amp/m-p/3751388#M229 tyler.johnson 2018-11-22T12:28:20Z