Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1535
Views
0
Helpful
3
Replies

Anyone else getting .net detections?

itguy1024
Level 1
Level 1

‎07-22-2022 05:15 AM

We have been getting a lot of threat detection's / quarantines from .Net lately. I had Cisco verify the one was a false positive. But the rest?

  • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\98921009e55886bd7472286a92fc76d7\System.Core.ni.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\19c97905640b7af5189931cf57561f7d\System.Dynamic.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e24d91cf408c6ff9067e017a0a75b582\WindowsBase.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\19c97905640b7af5189931cf57561f7d\System.Dynamic.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\338cfffc176b37a1bb49197611bbd3c2\System.Design.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\7b3f02495cc10a94d6c0dd0a12cd4158\System.ServiceProcess.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\1893dd6b23e88e2ec18c19fa0c760da9\Microsoft.VisualBasic.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\3666f4fb3594e46c23a0394e9b780fa8\System.IdentityModel.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\32d3758cd8f43f4897ec53f976f9179c\System.Xaml.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\5ee113c4b84c2452510178049b5882c0\System.Runtime.Serialization.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\6d812fc59ceea7b307584232e912d7e8\System.Data.Linq.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8#\9ea6de56c76f47e1cdeadbf2d37e94ab\System.Net.Http.WebRequest.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\f00310b9a79daf16bafd693355edf43e\System.Deployment.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\8955146c95057cafe152beceef8af350\System.EnterpriseServices.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\c37c6f23f408ac22f7f4b391b588c3c5\System.ComponentModel.DataAnnotations.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9d4a0c66ca94a19d2b820521f11c3cde\System.Data.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9ad5740ad82709c5dbe1ab34ba50f268\System.Dynamic.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9c3c69214b4834f88823b7c996671d06\PresentationCore.ni.dll
  • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c1a70bcc82e9109e801dc86e5d5333eb\SMDiagnostics.ni.dll
    • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d8d7e79f6688399ae56a01336708172b\System.Configuration.ni.dll
    • \\?\C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\15899cc05a70a7034169dddc11f3b65b\PresentationFramework.Aero2.ni.dll
    •  
1 person had this problem
Labels:
0 Helpful
3 Replies 3

LudoD
Level 1
Level 1

‎07-22-2022 06:02 AM

Hi,

Just posted about this.
I had notifications about the first one (C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\98921009e55886bd7472286a92fc76d7\System.Core.ni.dll)

How did you contact Cisco to ask them to check the first one ?

Kind regards,
Ludo

0 Helpful

itguy1024
Level 1
Level 1
In response to LudoD

‎07-22-2022 10:12 AM

I opened an AMP TAC case.

0 Helpful

rene_braun
Level 1
Level 1

‎07-27-2022 12:57 AM

Hello

was there any special about the finding? What was TAC saying?

Best regards

0 Helpful
Related community topics
Top