Anyone else getting .net detections?

itguy1024 · ‎07-22-2022

We have been getting a lot of threat detection's / quarantines from .Net lately. I had Cisco verify the one was a false positive. But the rest?

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\98921009e55886bd7472286a92fc76d7\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\19c97905640b7af5189931cf57561f7d\System.Dynamic.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e24d91cf408c6ff9067e017a0a75b582\WindowsBase.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\19c97905640b7af5189931cf57561f7d\System.Dynamic.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\338cfffc176b37a1bb49197611bbd3c2\System.Design.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\7b3f02495cc10a94d6c0dd0a12cd4158\System.ServiceProcess.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\1893dd6b23e88e2ec18c19fa0c760da9\Microsoft.VisualBasic.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\3666f4fb3594e46c23a0394e9b780fa8\System.IdentityModel.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\32d3758cd8f43f4897ec53f976f9179c\System.Xaml.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\5ee113c4b84c2452510178049b5882c0\System.Runtime.Serialization.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\6d812fc59ceea7b307584232e912d7e8\System.Data.Linq.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8#\9ea6de56c76f47e1cdeadbf2d37e94ab\System.Net.Http.WebRequest.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\f00310b9a79daf16bafd693355edf43e\System.Deployment.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\8955146c95057cafe152beceef8af350\System.EnterpriseServices.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\c37c6f23f408ac22f7f4b391b588c3c5\System.ComponentModel.DataAnnotations.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9d4a0c66ca94a19d2b820521f11c3cde\System.Data.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9ad5740ad82709c5dbe1ab34ba50f268\System.Dynamic.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9c3c69214b4834f88823b7c996671d06\PresentationCore.ni.dll
\\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c1a70bcc82e9109e801dc86e5d5333eb\SMDiagnostics.ni.dll
- \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d8d7e79f6688399ae56a01336708172b\System.Configuration.ni.dll
- \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\15899cc05a70a7034169dddc11f3b65b\PresentationFramework.Aero2.ni.dll

LudoD · ‎07-22-2022

Hi,

Just posted about this.
I had notifications about the first one (C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\98921009e55886bd7472286a92fc76d7\System.Core.ni.dll)

How did you contact Cisco to ask them to check the first one ?

Kind regards,
Ludo

itguy1024 · ‎07-22-2022

I opened an AMP TAC case.

rene_braun · ‎07-27-2022

Hello

was there any special about the finding? What was TAC saying?

Best regards