MX Malware Blocking

AVIF
Community Member

Is anyone else seeing a large amount of malware blocking on their MX?

W32.975C0D48C4.RET.SBX.TG

ArchiveFile

Is this a false positive related to Microsoft?

43 Replies

dipenrathod1997
Level 3

Here's what we got from Meraki Support:

Greetings,

Thank you for contacting Cisco Meraki Technical Support.

I would like to inform you that we are aware of the recent issue where a Microsoft update is being flagged as malicious by the AMP service on the MX platform. Our development team has been alerted and is currently investigating the matter. For updates on the progress of the investigation, please refer to this link: https://community.meraki.com/t5/Security-SD-WAN/MX-Malware-Blocking/m-p/191266#M44553. We will keep this thread updated as soon as we have more information on whether this is a false positive or not.
Thanks,

Jason Wu
Cisco Meraki Technical Support

dipenrathod1997
Level 3

That one is from 2019.

ClockN
Community Member

Had thousands of these this morning. Every Windows machine sending through the firewall.

TODD BEERS
Level 2

We're still incrementing.

Jameson2
Level 2

We are now getting a new alert for the below file. Anybody else?


Source Location: b.c2r.ts.cdn.office.net

File: i640.c2rx (W32.7B9E2002CA.RET.SBX.TG)

SHA256: 7b9e2002cacef4817353464f9845e294845daef8b28adeab55e76b3c8278ff18

Same here, Jameson.

We are also following this new issue on this post: 2nd Malware Detected - i640.c2rx - The Meraki Community

Jameson2
Level 2

Wanted to follow up here to see if others are experiencing the same thing we are. (tagging @ConnorL1 from Meraki)

Meraki marked the issue as "Resolved" on this post [RESOLVED] Security Center False Positive Alert - April 13th 2023 - The Meraki Community

However, we have had a total of 3 files that triggered Malware alerts today. So far 2 of the 3 are showing as "Clean" in the dashboard.

Ultimately, I'm trying to determine if this "resolution" is for all of the files or just the two currently marked as "clean"?

File 1: [CLEAN] W32.7F4CBDDDA2.RET.SBX.TG - 7f4cbddda24faf170473706c062c8957d6bb422b285013c932c61e8dd4efb381
File 2: [MALICIOUS] W32.0E9CF9601C.RET.SBX.TG - 0e9cf9601c14abd31bb02adfa0986ceb78af596cbd991e6cad89fe80ea959abd
File 3: [CLEAN] i640.c2rx (W32.7B9E2002CA.RET.SBX.TG) -- 7b9e2002cacef4817353464f9845e294845daef8b28adeab55e76b3c8278ff18

Following up. All 3 files are now marked as clean and have fallen out of my alerts. For me, this issue appears to be completely "resolved".
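A small triage helper, added here as an example and not code from the thread or from Meraki: it parses alert records in the form Jameson2 posted (status, detection name, SHA-256), checks the one consistency visible in every alert on this page (the 10 hex characters after "W32." equal the first 10 hex characters of the SHA-256, which is an observed pattern and assumed here, not a documented convention), and hashes a local copy of a blocked file so an admin can confirm the object on the endpoint is the same one the dashboard flagged. The sample records are constructed from the hashes in the post above; the file bytes in the usage line are stand-ins, not the real Office CDN payload.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the three detection names and SHA-256 hashes from the post,
# with the dashboard status at the time of the follow-up.
SAMPLE_ALERTS = """\
[CLEAN] W32.7F4CBDDDA2.RET.SBX.TG - 7f4cbddda24faf170473706c062c8957d6bb422b285013c932c61e8dd4efb381
[MALICIOUS] W32.0E9CF9601C.RET.SBX.TG - 0e9cf9601c14abd31bb02adfa0986ceb78af596cbd991e6cad89fe80ea959abd
[CLEAN] i640.c2rx (W32.7B9E2002CA.RET.SBX.TG) -- 7b9e2002cacef4817353464f9845e294845daef8b28adeab55e76b3c8278ff18
"""

# Matches "[STATUS] [filename] [(]W32.<10 hex>.<suffix>[)] - <sha256>"; the filename
# and the parentheses are optional because only one of the three records has them.
ALERT_RE = re.compile(
    r"\[(?P<status>CLEAN|MALICIOUS)\]\s+"
    r"(?:(?P<filename>\S+)\s+)?"
    r"\(?(?P<detection>W32\.(?P<prefix>[0-9A-Fa-f]{10})\.[A-Z.]+)\)?"
    r"\s+-+\s+(?P<sha256>[0-9a-f]{64})"
)


@dataclass(frozen=True)
class AmpAlert:
    status: str
    detection: str
    sha256: str
    filename: Optional[str]

    def name_matches_hash(self) -> bool:
        """Assumption: the hex block in the detection name is the SHA-256 prefix.
        A mismatch would mean the record was transcribed or pasted incorrectly."""
        m = re.match(r"W32\.([0-9A-Fa-f]{10})\.", self.detection)
        return bool(m) and m.group(1).lower() == self.sha256[:10]


def parse_alerts(text: str) -> List[AmpAlert]:
    """Turn pasted alert lines into records; lines that are not alerts are skipped."""
    alerts: List[AmpAlert] = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m is None:
            continue
        alerts.append(AmpAlert(m["status"], m["detection"], m["sha256"].lower(), m["filename"]))
    return alerts


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes, the same value the dashboard shows per alert."""
    return hashlib.sha256(data).hexdigest()


def match_local_file(data: bytes, alerts: List[AmpAlert]) -> Optional[AmpAlert]:
    """Return the alert whose hash equals that of a locally retrieved file, if any.
    Comparing the endpoint's copy to the dashboard hash confirms the blocked object
    is the one reported before deciding whether to allow or keep blocking it."""
    digest = sha256_of(data)
    return next((a for a in alerts if a.sha256 == digest), None)


def still_flagged(alerts: List[AmpAlert]) -> List[AmpAlert]:
    """Alerts whose disposition has not yet flipped to clean."""
    return [a for a in alerts if a.status == "MALICIOUS"]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for a in alerts:
        print(a.status, a.detection, "name/hash consistent:", a.name_matches_hash())
    print("still flagged:", [a.detection for a in still_flagged(alerts)])
    # Stand-in bytes, not the real file: no alert should match them.
    print("local file matches an alert:", match_local_file(b"stand-in bytes", alerts))
```

Run it against the records copied from the Security Center; when the retrospective verdict changes, re-paste the records and `still_flagged` should come back empty, as it did for the three files above.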

TODD BEERS
Level 2

Yep. It went completely retrospectively clean. It's a good day after all.