Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
4
Helpful
3
Replies

False positive?

Go to solution
ALTF4
Level 1
Level 1

‎05-21-2025 12:57 AM

Heyo everyone,

Had a tonne of machines alerting for SHA256: 07cd10ab304ae0017dd903b91e2d68952508e5120073a27d6ae1affe5b0af198

I'm pretty sure this is a false positive but I've had a look and cant find any information anywhere yet cause I think its quite recent, just wanted to check in and see if anyone else has experienced the same?

Cheers!

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Janulik
Cisco Employee
Cisco Employee

‎05-21-2025 03:24 AM

We are aware of the issue. The file disposition in Cisco Secure Endpoint, was changed. You should see the effectivity already.

Cyber security escalation engineer

View solution in original post

3 Replies 3

Go to solution
YZ2
Level 1
Level 1

‎05-21-2025 01:25 AM

We are facing the same challenge of identifying whether this is a false positive or whether it really is something that needs to be looked at more closely.
 
C:\Users\****\AppData\Roaming\Zoom\6.4.6.64360\Zoom.msi is moved to quarantine.
 
detected Zoom.msi as W32.07CD10AB30-95.SBX.TG

Go to solution
Bunged
Level 1
Level 1

‎05-21-2025 02:20 AM

We observe the same behaviour in our environment, too.

Go to solution
David Janulik
Cisco Employee
Cisco Employee

‎05-21-2025 03:24 AM

We are aware of the issue. The file disposition in Cisco Secure Endpoint, was changed. You should see the effectivity already.

Cyber security escalation engineer
Customers Also Viewed These Support Documents