Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3708
Views
25
Helpful
19
Replies

False positive? GT:JS.Hyena.3 detections

Go to solution
Chris05
Level 1
Level 1

‎04-09-2024 06:01 AM

Last night we started getting GT:JS.Hyena.3.x detections on a number of computers. We are continuing to receive them, over 150 machines so far. Anyone else seeing this? 

11 people had this problem
19 Replies 19

Go to solution
Leedr
Level 1
Level 1

‎04-10-2024 11:54 PM

Any news about this potential FP? Also seeing an alert in Cloud gateway system coming from to a legitimate travel site "Volaris.com". See details:

Malware Name: GT:JS.Hyena.3.45B1BCCE
Malware Type: Virus
Malware Severity: high
Malware ID: 8f776ae162e453ad2f04bc6370f2eab3
0 Helpful

Go to solution
MidwestCyber
Level 1
Level 1
In response to Leedr

‎04-11-2024 03:43 AM

I have heard no update, but detections seemed to halt in our environment around 0300 CDT. Holding until official announcement.

0 Helpful

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎04-11-2024 05:10 AM

The signature has been removed to be re-evaluated, so once signatures update on your endpoints, the FP should be resolved.

Go to solution
miguel-alegria
Level 1
Level 1
In response to Matthew Franks

‎04-11-2024 05:41 PM

Do you have the signature number that was removed? I have several installation errors with the same signature number, and I would like to know if they are related.

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee
In response to miguel-alegria

‎04-12-2024 05:12 AM

The signature number was 14081197 and it was updated on the 10th around 2300 UTC. Hope that helps.

-Matt

Customers Also Viewed These Support Documents