04-13-2023 09:46 AM
Talos reputation ticket created...
And resolved before I finished this post...
Detection: W32.1C27878DDF.RET.SBX.TG
File: mpavdlta.vdm
File path: \\?\C:\Windows\Temp\D3A7A9B3-EF42-4962-BED8-953AD7FE65811330.1d96d3272ec45c5\mpavdlta.vdm
Detection SHA-256: 1c27878ddf28aa426f8daac8def7e897d85f8bd026af0d2873fada2497c86ae4

Detection: W32.224742194C.RET.SBX.TG
File: mpavdlta.vdm
File path: \\?\C:\Windows\Temp\A56C8674-9F74-46B2-8134-2B0D2AAD350D888.1d96d8e153f0f3d\mpavdlta.vdm
Detection SHA-256: 224742194cda7d4157636f514c069da910ed53c32aa5bf324586f6d486a716fd

Detection: W32.63002A1C7C.RET.SBX.TG
File: mpavdlta.vdm
File path: \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55774125-9101-4640-8BEF-F8435CF0A64A}\mpavdlta.vdm
Detection SHA-256: 63002a1c7c87736270f2cea1b03a0b6d58f226eeb8ff8b73c9fc59fbd2d302c5
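The following triage script is an added example and is not code posted by anyone in this thread. It takes the three SHA-256 values and the paths reported above and, on an affected endpoint, hashes every mpavdlta.vdm under the Defender definition-update directory and C:\Windows\Temp, reports whether the hash matches one of the flagged values, and checks the file's Authenticode signature. It assumes Defender .vdm definition files carry a Microsoft Authenticode signature; if Get-AuthenticodeSignature reports NotSigned for your files, that assumption does not hold and only the hash match and the known Defender path remain as evidence. The cmdlets used (Get-FileHash, Get-AuthenticodeSignature, Get-ChildItem, Get-MpComputerStatus) are standard on Windows 10/11 and Server 2016+.

```powershell
# Added triage example for the mpavdlta.vdm detections listed in the post; not from the thread.
# Assumption: Defender definition (.vdm) files are Authenticode-signed by Microsoft. If the
# signature status comes back NotSigned, treat the hash match and the path as the only evidence.

# SHA-256 values copied from the detections in the post.
$FlaggedHashes = @(
    '1c27878ddf28aa426f8daac8def7e897d85f8bd026af0d2873fada2497c86ae4',
    '224742194cda7d4157636f514c069da910ed53c32aa5bf324586f6d486a716fd',
    '63002a1c7c87736270f2cea1b03a0b6d58f226eeb8ff8b73c9fc59fbd2d302c5'
)

# Directories where the post shows the file being flagged: Defender's definition-update
# staging area under ProgramData and the temporary extraction directories under Windows\Temp.
$SearchRoots = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows Defender\Definition Updates'),
    (Join-Path $env:SystemRoot  'Temp')
)

function Test-DefenderVdm {
    param([Parameter(Mandatory)][string]$Path)

    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    $signer = $null
    if ($null -ne $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        MatchesFlagged  = $FlaggedHashes -contains $hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Expected benign case: a validly chained Microsoft signature on a file in a Defender path.
        # 'Valid' requires a trusted chain, so the subject match is only a readability aid.
        LooksBenign     = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')
    }
}

# Record which definition version the endpoint currently has, since each definition update
# replaces mpavdlta.vdm and the flagged hashes belong to one specific update.
$status = Get-MpComputerStatus
Write-Host ("Defender AV signature version: {0} (updated {1})" -f `
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated)

Get-ChildItem -Path $SearchRoots -Filter 'mpavdlta.vdm' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DefenderVdm -Path $_.FullName } |
    Format-Table -AutoSize
```

Run it elevated on one of the isolated machines. A row with MatchesFlagged set and a Valid Microsoft signature supports the false-positive reading for that file; a row with a matching hash but an invalid or missing signature is worth escalating rather than closing. Because the delta file is overwritten on every definition update, an endpoint that has updated since the detection may no longer have a file with one of the three hashes, which is a reason to pull the hash from the AMP/Secure Endpoint event rather than from the current disk contents.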
04-13-2023 01:06 PM
Nothing official from Cisco on this potential FP yet? Hundreds of notifications and isolated machines today on this one.
Glad this post was here so I could see we weren't the only one. TAC response to a potential FP does not move at the speed of incident response.
04-25-2023 10:18 PM
Team, what was the fix? These only showed up today for us.
04-26-2023 04:37 AM
04-28-2023 08:34 AM
We had this false positive as well. I opened a Talos reputation ticket; it is marked resolved, but in AMP we still have hundreds of "compromised" machines.
04-28-2023 09:11 AM
04-28-2023 09:13 AM
Thank you Ken, appreciate your direction.