Event Type: Retrospective Quarantine Attempt Failed

ITandCoffee
Level 1

Quick question regarding this event type - our organization has been seeing a lot of these lately. My question is, what would cause the failure? Is it that the file in question no longer exists on the target machine?

Any insight would be great!

9 Replies

ChiefSec-SF
Level 1

Usually it is because some other process has moved/deleted the file. We have seen a spike today around these:

W32.810624E580.in12.Talos

W32.DE7D5559CF.in12.Talos

is that what you are seeing? Just curious if they may have a bad detection going around.

Edited to add: these are the same detections we are seeing - W32.DE7D5559CF.in12.Talos. Good call.

Seeing the same thing over the weekend. I have about 10 computers and the folder path seems to be related to LastPass's browser extension for Chrome/MSEdge.

Amped
Level 1

Seeing this same strange behavior at multiple Cisco AMP sites. All are in12.Talos threat detections and all seem to be Chrome-generated .js files. They vary from Adobe updates, Grammarly, and printer updates to just generic web-browsing temp files. Roughly 30-plus different detection types on hundreds and hundreds of clean endpoints. Cisco, any comment on this? It seems like the in12.Talos detection has some flaws, maybe.

After some investigation, this is exactly what we're seeing as well - mostly Grammarly-bg.js detections from Chrome add-ons.

Steve P.
Level 1

Seeing the same on our campus. AMP is flagging several types of JavaScript files, with Grammarly being one. We noticed that a co-worker opening Gmail, Google Drive, etc. on his machine caused alerts in the AMP console. His workstation now has at least 200 events flagged against it. I just updated to the latest AMP client (7.3.3.11988) at the end of last week. I wonder if something changed in the latest client to cause this behavior. I have opened a support case with Cisco on this issue.

jmiller21
Level 1

We are experiencing the same issue. Retroactive device quarantine after failed attempts to quarantine and retrieve the .js files. The following are just a few for everyone's reference. 

Filename               SHA-256
model.js               04a2d4cc48a18f82d46a1bd70d7115916c8f87a527d0d5fad8900bbcecad72bf
dialogFields.js        14f0e943467905821ee55e496353bc2f9153988f76280697a272a3ed3dbcbeb6
9.chunk.js             2b1733cec43ef2c5d33558817569dcf4c2280eabcf84fc2cfe1a96a57eb9ebbc
popover.chunk.js       8dd00e07b7d2a922758ee954b2f6f3145ccfe4def5d5ac207f45b6ab408338d2
Grammarly-bg.js        de7d5559cfa7793ca804cc5d4dcbefab7b1a0a262bbb666e0f2358f1d2b1d71c
extensionDropdown.js   35dc56ae2872f56b75c01f066b57b16121178aa81ea06906d377a6248585fdd1


I currently have a ticket open with TAC to find out further information. 
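Added example (not part of this thread and not Cisco's or Talos's code): a small Python triage script that ties together the two questions raised above - the original question of why a retrospective quarantine fails (the thread's suggested answer is that the file has been moved or deleted), and the hash list just posted. It checks two things locally: whether a detection name's hex token corresponds to the SHA-256 of the file it fired on, and whether a file with a listed name still exists on disk at all. The only pair visible on this page is W32.DE7D5559CF.in12.Talos alongside Grammarly-bg.js, whose SHA-256 begins with de7d5559cf; the script assumes that prefix-naming pattern holds for the other in12.Talos names too, which is an assumption. The sample files are constructed in a temp directory (placeholder content, not the real extension files) so the script runs offline.

```python
"""Triage helper for the in12.Talos / retrospective-quarantine thread.

Added example, not the thread's or Cisco's code.  Assumption: a name of the
form W32.<10 hex>.in12.Talos carries the first 10 hex characters of the
SHA-256 of the flagged file (true for the one pair shown on this page).
"""
import hashlib
import os
import re
import tempfile

# SHA-256 values as posted in the thread (filename -> hex digest).
THREAD_HASHES = {
    "model.js": "04a2d4cc48a18f82d46a1bd70d7115916c8f87a527d0d5fad8900bbcecad72bf",
    "dialogFields.js": "14f0e943467905821ee55e496353bc2f9153988f76280697a272a3ed3dbcbeb6",
    "9.chunk.js": "2b1733cec43ef2c5d33558817569dcf4c2280eabcf84fc2cfe1a96a57eb9ebbc",
    "popover.chunk.js": "8dd00e07b7d2a922758ee954b2f6f3145ccfe4def5d5ac207f45b6ab408338d2",
    "Grammarly-bg.js": "de7d5559cfa7793ca804cc5d4dcbefab7b1a0a262bbb666e0f2358f1d2b1d71c",
    "extensionDropdown.js": "35dc56ae2872f56b75c01f066b57b16121178aa81ea06906d377a6248585fdd1",
}

# Detection-name pattern (assumed from the names quoted in the thread).
_DETECTION_RE = re.compile(r"^W32\.([0-9A-Fa-f]{10})\.in12\.Talos$")


def detection_matches_hash(detection_name, sha256_hex):
    """True if the name's hex token is a prefix of the given SHA-256."""
    m = _DETECTION_RE.match(detection_name)
    if not m:
        return False
    return sha256_hex.lower().startswith(m.group(1).lower())


def sha256_of_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(paths, known_hashes):
    """Classify each path as 'missing', 'match' or 'different'.

    'missing' is the state in which a quarantine attempt cannot succeed:
    nothing is left on disk to quarantine.  'match' means the on-disk
    content is byte-identical to the hash reported in the thread;
    'different' means a file of that name exists but with other content
    (for example, an updated extension bundle).
    """
    results = {}
    for path in paths:
        if not os.path.isfile(path):
            results[path] = ("missing", None)
            continue
        digest = sha256_of_file(path)
        expected = known_hashes.get(os.path.basename(path))
        if expected and digest == expected:
            results[path] = ("match", digest)
        else:
            results[path] = ("different", digest)
    return results


def demo():
    """Constructed sample: one placeholder file present, one file absent."""
    d = tempfile.mkdtemp()
    present = os.path.join(d, "Grammarly-bg.js")
    with open(present, "wb") as f:
        f.write(b"// constructed placeholder, not the real extension file\n")
    # Deliberately never created: simulates a file moved/deleted by an update.
    missing = os.path.join(d, "model.js")
    return triage([present, missing], THREAD_HASHES)


if __name__ == "__main__":
    for path, (status, digest) in demo().items():
        print(f"{status:9} {digest or '-':64} {path}")
    print(detection_matches_hash("W32.DE7D5559CF.in12.Talos",
                                 THREAD_HASHES["Grammarly-bg.js"]))
```

Point the path list at the real extension directories on an affected endpoint (for Chrome on Windows, under the profile's Extensions folder) to see whether the hashes the console reported are still present; a 'missing' result is consistent with the moved-or-deleted explanation given earlier in the thread, while a 'match' means the content is still there and a failed quarantine has some other cause.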

davalosn
Level 1

I can't find exactly where these are being downloaded from in AMP, Threat Response or Umbrella. I'm assuming it's a false positive on grammarly javascripts.

Hello all,
there was an issue in the AMP backend, and it should already be solved.

Greetings,
Thorsten