Multiple false positive events for wscript.exe
01-23-2024 12:17 PM
Today we are seeing multiple high severity events being generated for wscript.exe sha256: 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523
This is affecting multiple versions of the connector, which is causing multiple endpoints to be placed into isolation.
Is this a false positive/misclassification?
Labels: AMP for Endpoints
01-23-2024 10:32 PM - edited 01-23-2024 10:38 PM
Check the wscript.exe alert event details! (Detected as w32.4173FC5A68.infostealer-psexec.talos.sso)
See the Announcements section (Secure Endpoint):
False Positive Detections
Important Issue
Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
01-23-2024 10:35 PM
This is an FP. Cisco is aware of this. This is what they sent:
Cisco is aware of the false positive detection(s) related to Cloud IOC: ExecutedMalware.ioc or Threat Name: w32.4173FC5A68.infostealer-psexec.talos.sso. The SHA256 involved is 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523. The disposition is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
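A small triage helper, added here as an example and not part of the thread or of any Cisco tooling: given exported alert records (the sample records and their field names are constructed assumptions, not the real Secure Endpoint export schema), it separates hosts whose only high-severity alerts are the announced false positive (matching SHA256 plus the announced threat name or Cloud IOC) from hosts that also carry unrelated detections and should stay isolated.

```python
"""Triage helper for the Secure Endpoint false positive described in this thread.

Given exported alert records (constructed sample below; the field names are an
assumption, not the real Secure Endpoint export schema), it separates alerts
that match the announced SHA256 and detection name from everything else, so
the endpoints isolated only because of the FP can be identified.
"""
from collections import defaultdict

# Values taken from the thread (Cisco announcement).
FP_SHA256 = "4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523"
FP_THREAT_NAME = "w32.4173FC5A68.infostealer-psexec.talos.sso"
FP_CLOUD_IOC = "ExecutedMalware.ioc"

# Constructed sample alerts; hostnames, paths and other hashes are made up.
SAMPLE_ALERTS = [
    {"host": "ws-101", "file": "C:\\Windows\\System32\\wscript.exe",
     "sha256": FP_SHA256.upper(), "detection": FP_THREAT_NAME, "severity": "high"},
    {"host": "ws-102", "file": "C:\\Windows\\System32\\wscript.exe",
     "sha256": FP_SHA256, "detection": FP_CLOUD_IOC, "severity": "high"},
    {"host": "ws-103", "file": "C:\\Users\\bob\\Downloads\\invoice.exe",
     "sha256": "0" * 64, "detection": "w32.GenericKD.talos", "severity": "high"},
    {"host": "ws-101", "file": "C:\\Users\\alice\\tmp\\dropper.exe",
     "sha256": "f" * 64, "detection": "w32.Other.talos", "severity": "high"},
]

def is_known_fp(alert):
    """True only when the alert is the announced FP: hash AND detection name match."""
    return (alert["sha256"].lower() == FP_SHA256
            and alert["detection"] in (FP_THREAT_NAME, FP_CLOUD_IOC))

def triage(alerts):
    """Split hosts into those with only FP alerts (candidates to release from
    isolation) and those that also have unrelated detections (keep isolated)."""
    per_host = defaultdict(lambda: {"fp": 0, "other": 0})
    for a in alerts:
        per_host[a["host"]]["fp" if is_known_fp(a) else "other"] += 1
    release = sorted(h for h, c in per_host.items() if c["fp"] and not c["other"])
    keep = sorted(h for h, c in per_host.items() if c["other"])
    return release, keep

if __name__ == "__main__":
    rel, keep = triage(SAMPLE_ALERTS)
    print("Release from isolation:", rel)          # ['ws-102']
    print("Keep isolated / investigate:", keep)    # ['ws-101', 'ws-103']
```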
