https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055647#M8266 <P>Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "<SPAN class="">Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, i believe this may be a false positive, is anyone else seeing these alerts?</SPAN></P><P>thanks,</P> Wed, 03 Apr 2024 14:51:56 GMT johnmac 2024-04-03T14:51:56Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055647#M8266 <P>Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "<SPAN class="">Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, i believe this may be a false positive, is anyone else seeing these alerts?</SPAN></P><P>thanks,</P> Wed, 03 Apr 2024 14:51:56 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055647#M8266 johnmac 2024-04-03T14:51:56Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055662#M8267 <P>I haven't yet... what sorts of files is it hitting on?&nbsp;&nbsp;</P> Wed, 03 Apr 2024 15:04:17 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055662#M8267 Ken Stieers 2024-04-03T15:04:17Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055663#M8268 <P><SPAN>C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b2fa8ab4e829625f.customDestinations-ms</SPAN></P> Wed, 03 Apr 2024 15:09:04 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055663#M8268 johnmac 2024-04-03T15:09:04Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055697#M8269 <P>I am seeing the same thing on a smaller scale. I have only gotten a handful of alerts today. At least at this point.</P> Wed, 03 Apr 2024 16:04:32 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055697#M8269 mpdonovan 2024-04-03T16:04:32Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055704#M8270 <P>I am seeing this happen today as well. All appear to be coming from the parent file msedge.exe. I am seeing two different hashes for this msedge.exe which both are coming up clean.</P><P>1d7e81e6a33c0dc5541770b414fb7bc9760141ec9b869dcd9466017292f99d1a</P><P>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</P><P>C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LUHCRNBMS942Y9B7W95W.temp</P><P>C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms</P><P>C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y0FE6QYMR6IZ67O9NC0E.temp</P><P>C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T6IWKQUHJLDEE9YHH41B.temp</P> Wed, 03 Apr 2024 16:11:19 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055704#M8270 Alisabeth N 2024-04-03T16:11:19Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055716#M8271 <P>TALOS is investigating.&nbsp;</P> Wed, 03 Apr 2024 16:40:07 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055716#M8271 Matthew Franks 2024-04-03T16:40:07Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055807#M8274 <P>Does anyone know if this has officially been determined to be a False Positive?&nbsp;</P> Wed, 03 Apr 2024 20:04:17 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5055807#M8274 tbduff001 2024-04-03T20:04:17Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056128#M8276 <P>Hi Matthew, has there been any update from Talos on this?</P> Thu, 04 Apr 2024 08:41:38 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056128#M8276 johnmac 2024-04-04T08:41:38Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056252#M8277 <P>Good morning. Yes, it was determined to be a False Positive. Apologies for the delay on the update, the resolution came after I was out for the day.&nbsp;</P> <P>-Matt</P> Thu, 04 Apr 2024 11:33:46 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056252#M8277 Matthew Franks 2024-04-04T11:33:46Z https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056259#M8278 <P>Great, thanks for that Matthew.&nbsp;</P> Thu, 04 Apr 2024 11:39:09 GMT https://community.cisco.com/t5/endpoint-security/multiple-secure-endpoint-alerts/m-p/5056259#M8278 johnmac 2024-04-04T11:39:09Z