Resolved! False positive? GT:JS.Hyena.3 detections
Last night we started getting GT:JS.Hyena.3.x detections on a number of computers. We are continuing to receive them, over 150 machines so far. Anyone else seeing this?
Hello TALOS, since the retirement of Immunet at the beginning of 2024, has maintenance of Clam AV CVD signature files by Cisco TALOS been impacted? Are the Clam AV community signature sets still being actively maintained by Cisco? Thanks in advance
We have an end user machine that was placed into isolation after a high severity Cloud IOC Event (Cloud IOC: W32.PowershellIEXReplace.ioc) and a low severity Cloud IOC Event (Cloud IOC: W32.PowershellObfuscationAttempt.ioc) was detected. Powershell ...
Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, I believe this may be a false positive, is anyone else seeing these ale...
Hello, we've noticed a shift in the development direction of the official Secure Endpoint web interface, which is unfortunately becoming a challenge for us to work with on a daily basis. As a result, we're considering creating our own administration i...
I am creating Deployment Profiles from Secure X in order to push Secure Client (and our modules) to workstations and servers. The deployment profile for workstations works as expected, whether using a Full Installer or Network installer. I am now t...
Hello everyone, how are you? I'm looking to implement Dot1x on my wired network using ISE as the authenticator and utilizing certificates via TLS. I'd like to know if there's a way to generate the certificate directly on ISE and install it on the ma...
We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupd...
Hello, a few days ago, we noticed that the event logs of the individual clients in the Secure Endpoint Dashboard of one of our larger customers only contain very few entries. Normally we see several dozen to 100 or even more entries there, but now in...
I'm having some issues with Amp flagging some tmp files as malicious. I received 32 alerts from a single machine within an hour as Gen:Trojan.Heur.FU.RqZ@a0N@95j. The files are created by werfault.exe, which is a legitimate program. Werfault can run ...
Hello, I am a Cisco Secure Endpoint beginner. I want to control USB through Device Control function. I created a policy to block all USBs except for USBs from certain vendors. I actually did the test, and I checked the client's pop-up and the log on the...
Can the Cisco Secure Endpoint Secure Client be configured to display threat information when they are detected in the console? I checked off Engine Notification in the policy, advanced settings, client user interface.
Today we see a lot of Threat detections that detect TinyTurlaV2 Service Created. I just wonder if this has something to do with the False Positive Detections on Behavioral Protection that Cisco announced yesterday evening. It looks like this detectio...
Hi Experts, We have ISE radius settings as below: The below is the report for rejected user: sometimes like this what I am confusing is: 1. I don't know whether the user was suppressed or not? only 60 minutes later when I see the "release " log entry, I...
Does Secure Endpoint (Formerly AMP for EndPoints) have the ability to block usb ports from opening when a thumb drive is plugged in? I've gone through the documentation and there doesn't seem to be any mention of it. If not, do we know if this is som...