04-04-2022 12:20 PM
Hey all,
are you seeing an FP on svchost.exe? Mostly Cloud.IOCs...
Ken
04-04-2022 12:52 PM - edited 04-04-2022 12:54 PM
We are seeing it on multiple Windows machines.
04-04-2022 01:01 PM
It has been flagged on all my servers, but no Windows desktop machines.
04-04-2022 02:09 PM
04-04-2022 01:02 PM
Is this a false positive? A whole bunch of machines on our network are being isolated due to this event.
04-04-2022 01:12 PM
04-04-2022 01:18 PM - edited 04-04-2022 01:19 PM
Having this on many of our Desktops and Servers.
04-04-2022 01:21 PM
Seeing the same, only on 2016/2019 Windows servers.
Have undertaken what checks we can in the time and all coming back no threat.
Still digging.
04-04-2022 01:30 PM
Any update on this problem? We also have 2019 servers jumping into isolation mode regarding svchost fp.
04-04-2022 01:39 PM
Cisco advise False Positive
Cisco Secure Endpoint Announcement - False Positive detection
Cisco is aware of the false-positive detection related to svchost.exe. The single SHA-256 involved is cb19fd67b1d02......96cfe0ee0c6e45285436a1. The file disposition has been updated and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
04-04-2022 01:42 PM