Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2963
Views
0
Helpful
4
Replies

AMP for Endpoints false positive detection?

jared
Level 1
Level 1

‎01-06-2017 08:00 AM - edited ‎02-20-2020 09:03 PM

I have been notified from AMP of detecting Auto.A29577.201440.in02 from a file with SHA-254: a2957772fba9827bf5fda166282b557947ebf07ca9beadb76ff63c129ee336ea.

I've researched in:

https://supportforums.cisco.com/discussion/12702996/amp-blocking-windows-updates

https://supportforums.cisco.com/discussion/12701831/malware-false-positives-after-windows-update-releases-10november

http://www.talosintelligence.com/amp-naming/

for support and information. 

I am still unsure if the file is still a false positive. Any further information and guidance is welcome.

Thank you. 

Labels:
0 Helpful
4 Replies 4

Matthew Franks
Cisco Employee
Cisco Employee

‎01-06-2017 08:05 AM

I would suggest opening a TAC case so the file can be analyzed.  The hash is currently listed as malicious but there is no copy that I can run further analysis on.  Please open a case and provide the file for analysis.

Thanks,

Matt

0 Helpful

jared
Level 1
Level 1
In response to Matthew Franks

‎01-06-2017 08:08 AM

Will do.

Thank you,

Jared

0 Helpful

Matthew Franks
Cisco Employee
Cisco Employee
In response to jared

‎01-06-2017 08:09 AM

You're welcome!

0 Helpful

Farhan Mohamed
Cisco Employee
Cisco Employee

‎01-31-2017 02:15 AM

Please see the support forum below:

https://supportforums.cisco.com/discussion/12702996/amp-blocking-windows-updates

If solution is not found, Please send me screen shot i will further investigate.

0 Helpful
Customers Also Viewed These Support Documents