
CryptnetUrlCache detection across org (false positive)?

jleisten
Level 1

For the last few days we have received thousands of AMP detections for Trojan.Script.GenericKDZ.14123, all in the path below:

File path: \\?\C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E06025E52106E5FA757142B37BBBEE63

File is always the same (E06025E52106E5FA757142B37BBBEE63).  Downloading and submitting multiple instances of the "malicious" file across the detections to VirusTotal results in two of sixty engines indicating it is malicious - Arcabit and NANO-Antivirus.

We have had a case open with Cisco since Monday, trying to assess if this really is malicious or if it is a false-positive.  None of the endpoints flagged by AMP with this detection seem to have any issues at all.  We've searched all sorts of things on Google to see if there are others with the same issue, and so far I can't find anything.  No one seems to be complaining about this.

Anyone else experiencing this same issue?

 
