cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3690
Views
12
Helpful
21
Replies

Base64JS.min.js

noahigros
Level 1
Level 1

Good afternoon, 

we are using Cisco AMP with our connector version being 8.2.1.21612 and are receiving numerous alerts for a filename Base64JS.min.js. Is anybody else experiencing this? Previously we had a widespread issue with a smss.exe parent process that was found to be an issue with a new BP update on Cisco's end for the same connector version we are on now. Could this be related? 

21 Replies 21

Roman Valenta
Cisco Employee
Cisco Employee

The statement above is correct I just checked the internal ticket with TALOS and it was confirmed last night around 7pm EST that this is indeed FP event and will be removed from the detection list.

 

dotran
Level 1
Level 1

I entered that hash into Talos and it still shows as UNKNOWN.   

noahigros
Level 1
Level 1

Final thoughts,

although we now have an accepted solution, for future reference you can also create an exclusion for events like this and apply it to your group policies. I personally don't tend to do that, as there is always the possibility of these events to be true and I wouldn't want to miss them. I've only done exclusions for very specific needs of an agency, but not an overarching file or action that's common across the board.

That's what we did but prefer Cisco makes a public announcement and provide the updated signature files so the paying customers do not have to do any guess work.

Absolutely agree.

I do 100% agree with this statement.  Secure Endpoint is definitely not "one click" solution there is many engines and factors that they play a big role in the final verdict and you guys have the power to control most of them. I also agree that FP events could be annoying and distracting but again SE is not just simple AV solution and in today world I rather be safe than sorry.

Also remember guys any doubts you have with False Positive or False Negative event TAC is here to help you and we treat these cases individually case by case. Most of them are resolved with in 24 hours from reporting, but there are cases like those caused by Exploit Prevention engine that are way more complicated than simple detection and those can take longer. So we appreciate the patience and support.

 

 

Agreed, and we greatly appreciate the help from the Cisco team.