Cisco AMP detecting Firefox 70.0 as Malicious

kgriffen
Level 1

Currently downloading Firefox 70.0 from https://www.mozilla.org/en-US/firefox/download/thanks/ is being marked in Cisco AMP for Endpoints as malicious.


Matthew Franks
Cisco Employee

I just downloaded the file you linked. It had a hash of 2acb8fbc34a4eecfa8a9d0fe5e0b522a8a1b5dcd97fd52b38464e5a00524197c, which is not marked malicious in the AMP database. Could you provide the hash of the file you downloaded that was detected as malicious?

 

Thanks,

Matt

069edc8e7266e5aa044ca84e76641fc12320186eb8d061f0d74b2f4857922782

And it was marked malicious via the sandbox.


I've submitted a False Positive review to TALOS for that file. In the future, you can submit these yourself for a faster turnaround time at https://talosintelligence.com/talos_file_reputation. Search by the file hash and then, if the disposition is malicious as this one is, click the "Submit a File Reputation Ticket here" hyperlink.

 

Thanks,

Matt

Thank you!

False Positive confirmed by TALOS and the hash is no longer marked as malicious.

 

Thanks,
Matt