
AMP Windows Connector 6.0.5.10636

mcwaranowicz
Level 1

Upgrading the AMP for Windows connector to version 6.0.5 seems to detect itself as a threat, and the number of compromises on my dashboard is growing like crazy. Below is an example of what it's detecting:

  • Event Type: Threat Detected in Exclusion
  • Computer: <removed>
  • Hostname: <removed>
  • IP: <removed>
  • User: SYSTEM@NT AUTHORITY
  • Detection: W32.1746B5EAFE-100.SBX.VIOC
  • File: dxm.dll
  • File path: \\?\C:\Windows\Temp\AMP.Installer\{82374DD8-5040-8237-406F9A40-478D2C43CFDD1EFC}\FA_Events\6.0.5\dxm.dll
  • Detection SHA-256: 1095954a66ab38078cca400b179fc2b592d92f606be7412a9952ce2ec0dc3601
  • By Application: protectent-6.0.5-10636.exe
  • Application SHA-256: c60264c0088c6c60a69cae9b79bfa805dcd17ac0859d791cf41b0dc263b5538e
  • Timestamp: 2017-12-15 12:41:54 +0000 UTC

IvanCdC
Cisco Employee

Hello,

Please open a case with TAC; we will need further details on this.

Regards

Hi Ivan,

Actually, shortly after posting about this, those events started getting slowly removed from my console. Over the course of the day, they all disappeared with no trace.