04-13-2023 06:29 AM
Hey guys,
Anyone else seeing this:
Feels like an FP to me.
Ken
04-13-2023 06:49 AM
We are also seeing a large number of these this morning.
04-13-2023 06:53 AM
Our team is actively investigating this SHA-256 to determine whether or not it is an FP event. Thank you for sharing.
04-13-2023 07:40 AM
Just got FP confirmation from a Cisco Secure Endpoint announcement email about 15 minutes ago.
04-13-2023 07:43 AM
Hey,
This SHA-256 is already marked as clean after analysis:
SHA-256: 082827c4a5582f887901c4cce83a1aa9b8a4eb23835a434fc104bba745172a85
You should see the alerts stop within the next minutes/hours, as soon as the endpoints receive the latest definition updates.
--
Pedro M.
04-13-2023 07:49 AM
Hi pmedinac,
Also seeing alerts on 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b375ab2c47c9e2060f562. Same/similar issue?
04-13-2023 07:52 AM
04-13-2023 07:53 AM
Also seeing this SHA-256 detection on our Firepower appliances
04-13-2023 08:05 AM
04-13-2023 08:11 AM
Yep, I double-checked and that one (975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b375ab2c47c9e2060f562) is also Clean.
Same as the other, it may take some time to get the endpoint updates to stop alerts.
Greetings.
--
Pedro M.
04-13-2023 08:32 AM
Same issue. Do we still need to whitelist the SHA256? Or has Cisco corrected the behavior detection?
04-13-2023 08:35 AM
This is already corrected; the endpoints may take some time to get the latest update.
--
Pedro M.
04-13-2023 08:44 AM
Does this have anything to do with the Cisco-Maintained Exclusion list changes that were done yesterday?
04-13-2023 09:03 AM
Nope, this has nothing to do with the Cisco-Maintained Exclusion list modified yesterday.
This is just an incorrect conviction that has now been fixed.
--
Pedro M.