11-19-2018 09:43 AM - edited 02-20-2020 09:06 PM
We have a downloadable executable that is being flagged. It is a signed Windows executable. Is it possible to register with Cisco as a whitelisted vendor so that executables with our signature don't trigger false positives? Is there any other option to prevent alarming the end user?
11-21-2018 02:43 AM
Hi
You can add the SHA value of that file to the whitelist in your policy. If you believe the file is not malicious at all and should not be marked malicious globally, please open a TAC case to request FP analysis.
Hope it helps,
Yogesh
11-21-2018 05:54 AM - edited 11-21-2018 05:54 AM
Global passing is what I'm interested in because I'm not a Cisco customer. I'm the creator of the file that is being flagged.
How would I go about opening a TAC case?
Aside from focusing on a specific file, is there a way to submit a signature to Cisco so that any file signed with that signature can pass as not malicious?
11-22-2018 01:10 AM
Hello Tyler
If you think the file is not malicious, then you can add it to the whitelist option and you can allow this file in your environment. But if you are looking for a global passing, then Cisco TALOS will have to review the file and update the disposition only if the file is not malicious or not showing any high threat score. If the file is not showing any malicious behaviour, then TALOS will do the needful. As an initial step, you can open the case with Cisco TAC and they will involve the TALOS team to verify the same. Please provide the file sample along with the SHA value while opening the case with Cisco TAC.
Regards
Jetsy
11-22-2018 04:28 AM
How do I open a case with Cisco TAC?
I tried calling Cisco support on the phone and they wouldn't help since I'm not a Cisco customer.