Malicious disposition for putty-64bit-0.73-installer.msi

mski7861
Level 1

Early this morning, we received 2 retrospective detections for putty-64bit-0.73-installer.msi/sha256: 31d001504b56e47d7e90b39a6fde6acf949e8c59d4717abac35eef0b932f89d7 with a classification of malicious by Cisco.

Filescan.io indicates no detections/no threats found for the hash.

Virus Total threat score is 0 of 53.

I requested the file for analysis but believe this may be a false positive.

I have submitted a case with Talos to evaluate the disposition.

3 Replies

Roman Valenta
Cisco Employee

Hi,

Just a quick update on this one. TAC also opened an internal ticket with TALOS. The file in question was also provided:

https://the.earth.li/~sgtatham/putty/0.73/w64/putty-64bit-0.73-installer.msi

Will update this thread once we hear back from our team.

Roman Valenta
Cisco Employee

As I promised, here is an update:

Talos has analyzed the file and deemed it benign. We have rectified the issue by changing the file disposition in Cisco Secure Endpoint.

This update should be reflected in the next 1-2 hours. Since the update was about 2 hours ago, I tried downloading the file again, and this time it was no longer detected.

@Roman Valenta thank you for the updates and for confirming the false positive has been rectified.