01-23-2024 12:17 PM
Today we are seeing multiple high severity events being generated for wscript.exe sha256: 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523
This is affecting multiple versions of the connector which is causing multiple endpoints to be placed into isolation.
Is this a false positive/misclassification?
01-23-2024 10:32 PM - edited 01-23-2024 10:38 PM
Check the wscript.exe alert event details! (Detected as w32.4173FC5A68.infostealer-psexec.talos.sso)
See Announcements Section (Secure Endpoint)
False Positive Detections
Important Issue
Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
01-23-2024 10:35 PM
This is an FP. Cisco is aware of this. This is what they sent:
Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
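A small triage helper, added here as an example and not code from Cisco or from any poster in this thread: it reads a constructed alert export (the column names are assumed) and separates events that match every indicator in the announcement quoted above from events that only share the threat name or only share the hash, which still deserve a closer look before any isolation is lifted.

```python
import csv
import io

# Indicators taken from the Cisco announcement quoted in the thread.
KNOWN_FP = {
    "sha256": "4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523",
    "threat_names": {"w32.4173FC5A68.infostealer-psexec.talos.sso", "ExecutedMalware.ioc"},
    "file_name": "wscript.exe",
}

# Constructed sample export (not real console data); the WS-0103 hash is a made-up placeholder.
SAMPLE_EVENTS = """\
computer,file_name,sha256,threat_name,isolated
WS-0101,wscript.exe,4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523,w32.4173FC5A68.infostealer-psexec.talos.sso,yes
WS-0102,wscript.exe,4173FC5A6864F03AB021823CD0F2F085BA85B3A9B1E37A2094798FC099507523,ExecutedMalware.ioc,yes
WS-0103,wscript.exe,9b4c2e7d1f0a3b6c8d5e2f1a4b7c0d3e6f9a2b5c8d1e4f7a0b3c6d9e2f5a8b1c,w32.4173FC5A68.infostealer-psexec.talos.sso,yes
WS-0104,svchost.exe,4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523,ExecutedMalware.ioc,no
"""


def triage(csv_text, fp=KNOWN_FP):
    """Split events into those matching every FP indicator and those needing manual review.

    An event is only dismissed as the known FP when file name, SHA256 (case-insensitive)
    and threat name all agree; a same-name alert with a different hash, or the FP hash
    under a different file name, goes to the review list instead.
    """
    matches, review = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        hash_ok = row["sha256"].strip().lower() == fp["sha256"]
        name_ok = row["threat_name"].strip() in fp["threat_names"]
        file_ok = row["file_name"].strip().lower() == fp["file_name"]
        (matches if hash_ok and name_ok and file_ok else review).append(row)
    return matches, review


def isolated_hosts_to_release(csv_text, fp=KNOWN_FP):
    """Hosts isolated solely on a fully matching FP event; candidates for release."""
    matches, _ = triage(csv_text, fp)
    return sorted({r["computer"] for r in matches if r["isolated"].strip().lower() == "yes"})


if __name__ == "__main__":
    ok, check = triage(SAMPLE_EVENTS)
    print("known FP:", [r["computer"] for r in ok])
    print("needs review:", [r["computer"] for r in check])
    print("release candidates:", isolated_hosts_to_release(SAMPLE_EVENTS))
```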