https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5004176#M8104 <P>Check the wscript.exe alert event details! (Detected as w32.4173FC5A68.infostealer-psexec.talos.sso)</P> <P><EM><STRONG>See Annoucements Sections (Secure Endpoint)</STRONG></EM></P> <P><STRONG>False Positive Detections</STRONG></P> <P><STRONG>Important Issue</STRONG></P> <P>&nbsp;</P> <P><EM>Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.</EM></P> Wed, 24 Jan 2024 06:38:12 GMT RalphNelson 2024-01-24T06:38:12Z https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5003960#M8103 <P>Today we are seeing multiple high severity events being generated for wscript.exe sha256:&nbsp;4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523</P> <P>This is affecting multiple versions of the connector which is causing multiple endpoints to be placed into isolation.&nbsp;&nbsp;</P> <P>Is this a false positive/misclassification?</P> Tue, 23 Jan 2024 20:17:27 GMT https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5003960#M8103 mski7861 2024-01-23T20:17:27Z https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5004176#M8104 <P>Check the wscript.exe alert event details! (Detected as w32.4173FC5A68.infostealer-psexec.talos.sso)</P> <P><EM><STRONG>See Annoucements Sections (Secure Endpoint)</STRONG></EM></P> <P><STRONG>False Positive Detections</STRONG></P> <P><STRONG>Important Issue</STRONG></P> <P>&nbsp;</P> <P><EM>Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.</EM></P> Wed, 24 Jan 2024 06:38:12 GMT https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5004176#M8104 RalphNelson 2024-01-24T06:38:12Z https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5004177#M8105 <P>This is FP. Cisco is aware of this. This is what they sent</P><P><SPAN>Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.</SPAN></P> Wed, 24 Jan 2024 06:35:34 GMT https://community.cisco.com/t5/endpoint-security/multiple-false-positive-events-for-wscript-exe/m-p/5004177#M8105 muncky1 2024-01-24T06:35:34Z