cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3407
Views
0
Helpful
4
Replies

False positives from Cisco AMP

tyler.johnson
Beginner
Beginner

We have a downloadable executable that is being flagged. It is a signed Windows executable. Is it possible to register with Cisco as a whitelisted vendor so that executables with our signature don't trigger false positives? Is there any other option to prevent alarming the end user?

4 Replies 4

yogdhanu
Cisco Employee
Cisco Employee

Hi

 

You can add the SHA value of that to whitelist in your policy. If you believe the file is not malicious at all and should not be marked malicious globally, please open TAC case to request for FP analysis.

 

Hope it helps,

Yogesh

Global passing is what I'm interested in because I'm not a Cisco customer. I'm the creator of the file that is being flagged.

How would I go about opening a TAC case?

 

Aside from focusing on a specific file, is there a way to submit a signature to Cisco so that any file signed with that signature can pass as not malicious?

Hello Tyler

 

 If you think the file is not malicious then you can add it to the whitelist option and you can allow this file in your environment. But if you are looking for a global passing, then Cisco TALOS will have to review the file and update the disposition only if the file is not malicious or not showing any high threat score. If the file is not showing any malicious behaviour then TALOS will do the needful. As an initial step you can open the case with Cisco TAC and they will involve the TALOS team to verify the same. Please provide the file sample along with the sha value while opening the case with Cisco TAC.

 

Regards

Jetsy 

 

How do I open a case with Cisco TAC? 

I tried calling Cisco support on the phone and they wouldn't help since I'm not a Cisco customer.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: