04-26-2023 04:32 AM
This morning I started seeing retrospective quarantine failures for Newtonsoft.Json.dll. I see conflicting results when searching for this .dll. The SHA is SHA256: c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
Solved! Go to Solution.
04-26-2023 06:29 AM
Hello.
We have investigated about this SHA-256 (c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e) and found that this is a benign file, hence this file should now be allowed on your environment.
Since the file verdict was changed, the endpoints need some time to receive the last definitions, and may take up to 2 hours based on the policy configuration, other option is to update the policy and definitions manually from the Secure Endpoint UI.
--
Pedro M.
04-26-2023 04:44 AM
04-26-2023 05:50 AM
Same issue.. first time popping up for us this morning.
C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2302.13003.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\Newtonsoft.Json.dll
04-26-2023 06:12 AM
We have this alert going off as well. seeing this as an optional process for Autodesk, Snagit, and visual studios depending on user downloads/packages. eager to hear talos's response.
04-26-2023 06:29 AM
Hello.
We have investigated about this SHA-256 (c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e) and found that this is a benign file, hence this file should now be allowed on your environment.
Since the file verdict was changed, the endpoints need some time to receive the last definitions, and may take up to 2 hours based on the policy configuration, other option is to update the policy and definitions manually from the Secure Endpoint UI.
--
Pedro M.
04-27-2023 01:01 AM
I'm still a Secure Endpoint newbie. We had the same alerts on a number of machines, and currently they are still showing in my inbox on the Secure Endpoint Dashboard under "Requires Attention". Are they supposed to get resolved automatically now that the file verdict was changed?
I know I can just manually resolve them, but I would like to know whether or not they are supposed to disappear automatically.
04-27-2023 04:57 AM
Hi,
No , it will not be removed from Inbox. Think of Inbox as your "un-opened / un-answerd mail" in your Outlook. Something that needs your attention and your manual interaction. Inbox events are also directly related to the "Heat Map" on your Dashboard and percentage number under "Compromised" What you need to do is navigate in to Inbox select all events that you don't want to deal with or you already reviewed and click on MARK RESOLVED. Those events will be then cleared out from the Heat MAP and Compromised %
Please note: that you can still find these events under "Events" tab for history purpose also note that all events are automatically removed and cleared once they more than 30 Days old.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide