Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
0
Helpful
1
Replies

Retrospective Detection: Winrar.exe

tmsalcedo
Level 1
Level 1

‎09-21-2023 12:11 AM - edited ‎09-21-2023 12:21 AM

Today there are multiples detections related to Winrar.exe. It looks like a false positive, but it´s weird, Is there a reason for this?

The hash is e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80.

3 people had this problem
0 Helpful
1 Reply 1

Roman Valenta
Cisco Employee
Cisco Employee

‎09-21-2023 06:49 AM - edited ‎09-21-2023 06:50 AM

HI,

 

If you believe this is FP please open a TAC case so we can submit the file for analysis but currently this SHA256 is flagged as malicious by AMP cloud. Threat Grid score is 95 which is extremely high and reported by ClamAV as Trojan.

Other than that It has valid certs and no other AV reports this SHA as malicious so it's probably FP but again TAC case needs to be open so we can analyze the file. You will be asked to provide the file which you should be able to download from your Secure Endpoint console. Also provide screenshot from Device Trajectory event Details to show which engine flagged this file.


https://www.virustotal.com/gui/file/e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80/detection/f-e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80-1695279514

Regards,

-Roman

 

 

0 Helpful
Customers Also Viewed These Support Documents