topic Re: False positive? in Endpoint Security

False positive?

ALTF4 — Wed, 21 May 2025 07:57:03 GMT

Heyo everyone,

Had a tonne of machines alerting for SHA256: 07cd10ab304ae0017dd903b91e2d68952508e5120073a27d6ae1affe5b0af198

I'm pretty sure this is a false positive but I've had a look and cant find any information anywhere yet cause I think its quite recent, just wanted to check in and see if anyone else has experienced the same?

Cheers!

Re: False positive?

YZ2 — Wed, 21 May 2025 08:25:27 GMT

We are facing the same challenge of identifying whether this is a false positive or whether it really is something that needs to be looked at more closely.

C:\Users\****\AppData\Roaming\Zoom\6.4.6.64360\Zoom.msi is moved to quarantine.

detected Zoom.msi as W32.07CD10AB30-95.SBX.TG

Re: False positive?

Bunged — Wed, 21 May 2025 09:20:42 GMT

We observe the same behaviour in our environment, too.

Re: False positive?

David Janulik — Wed, 21 May 2025 10:24:12 GMT

We are aware of the issue. The file disposition in Cisco Secure Endpoint, was changed. You should see the effectivity already.