Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
0
Helpful
3
Replies

notification for Vista file on firepower

Samer R. Saleem
Level 4
Level 4

‎09-08-2018 10:46 PM - edited ‎03-12-2019 06:57 AM

Hi,

 

I'm getting notifications about the file detection name below when one of the users connected by VPN and tried to download some Medical software package that belongs to Vista application

W32.19E0AFBF46-63.SBX.VIOC

 

why the firepower detects it like a malware?

how to know the affect of the malware if its real?

note: we have also McAfee antivirus and it didn't detect it as a malware even though we have been using this application on many computers

Labels:
0 Helpful
3 Replies 3

Mohammed al Baqari
Level 11
Level 11

‎09-09-2018 04:04 AM

Check in Analysis > File Events and see the disposition or the file. From
Talos it says for this signature ( This example may contain a partial hash
of the SHA256 that matched. )

If you are sure that is safe, you can whitelist
0 Helpful

Samer R. Saleem
Level 4
Level 4
In response to Mohammed al Baqari

‎09-15-2018 10:18 PM

thanks for your reply, so in case of partial match in the signatures it will be considered malware?

 

is there a website to check signatures?

0 Helpful

mikael.lahtela
Level 4
Level 4
In response to Samer R. Saleem

‎09-19-2018 11:29 AM

As this probably is a false positive I would suggest to contact tac.
Else you are stuck with virustotal or other third party solutions to check the file.

br, Micke
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card