Solved: Re: Connector Download detected as Gen:Variant.Symmi.84797

JustinShields93465 · ‎01-03-2023

When attempting to download the current connector from the Console, the first download succeeds, then subsequent downloads are triggering an alert for Gen:Variant.Symmi.84797

Policy was updated today for the Endpoint and on version 8.1.3

Ken Stieers · ‎01-03-2023

I poked some people I know via WebEx a couple of hours ago... someone mentioned that they'd seen some internal discussions and it should be fixed soon.

View solution in original post

Ken Stieers · ‎01-03-2023

I poked some people I know via WebEx a couple of hours ago... someone mentioned that they'd seen some internal discussions and it should be fixed soon.

jobarrie · ‎01-03-2023

Hello Justin,

Thanks for bring this to our attention. Now, I tried to reproduce this issue a couple of times with no luck. I have Secure Endpoint version 8.1.3 installed and running TETRA definitions 89707 which are the latest as of today but no luck. Please see the screenshoot attached. Let me know if I am missing something to repro this. Now, in the Threat Detected event can you please click on the device trajectory button ? The device trajectory button is the one that looks like a TV, this should take to the device trajectory where you can gather more information about this detection under "event Details" please share those with me. My guess is that TETRA engine could be behind the detection and maybe TETRA team already fixed this detection on the latest signature version.

JustinShields93465 · ‎01-03-2023

I have not been able to recreate the issue now. Successfully downloaded multiple connectors for different policies without issue. Thank you everyone that reached out to comment!