Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts with replies and give us your feedback.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
34022
Views
65
Helpful
43
Replies

MX Malware Blocking

AVIF
Community Member

‎04-13-2023 07:47 AM

Is anyone else seeing large amount of Malware blocking on their MX?

W32.975C0D48C4.RET.SBX.TG

ArchiveFile

Is this a false positive related to Microsoft ?

Labels:
43 Replies 43

jcgvt
Community Member

‎04-13-2023 07:48 AM

I am seeing it too. I believe it is a false positive - but not my call of course.

NJNetworkGuy100
Level 3
Level 3

‎04-13-2023 07:48 AM

We are getting a ton of these alerts as well.

Jameson2
Level 2
Level 2

‎04-13-2023 07:49 AM

I just attempted to post about this and Meraki marked it SPAM. We are seeing thousands of these notification (over 9000 at time of writing). Our alerts started at 10:28 AM Eastern on 4/13/2023.

File SHA256 hash: 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b375ab2c47c9e2060f562

Jameson2
Level 2
Level 2
In response to Jameson2

‎04-13-2023 07:56 AM

We are now getting an additional file marked with different hashes. Also from [3-11].tlu.dl.delivery.mp.microsoft.com

W32.7F4CBDDDA2.RET.SBX.TG - SHA256: 7f4cbddda24faf170473706c062c8957d6bb422b285013c932c61e8dd4efb381

DarthKevin
Community Member

‎04-13-2023 07:51 AM

Same here. 1000+ alerts at the time of writing.

martins@netxuk.com
Level 2
Level 2

‎04-13-2023 07:52 AM

Yeah, seeing lots of this from multiple MX networks. Virus Total does not show any vendors identifying it as malicious.

I notice the following relating to the file in Securtiy Centre:

downloaded from [http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f4612029..... So it's come from microsoft.com

Feels like a false positive I'd say

jborgmeyer
Community Member

‎04-13-2023 07:54 AM

yep received the same alert

dtechcomputing
Community Member

‎04-13-2023 07:58 AM

We are seeing it also. All sites with Meraki's MX67 and MX84

RichardAtkin
Level 8
Level 8

‎04-13-2023 07:59 AM

Seeing this problem on MXs too.

All seems to source from Microsoft.

Nothing on VT suggesting it's malicious.

Talos website suggests low potential for malice.

Nothing in ThreatGrid yet to sandbox it.

Ajasinski
Community Member

‎04-13-2023 07:59 AM

Same here- certainly appears to be a false positive.

dipenrathod1997
Level 3
Level 3

‎04-13-2023 08:00 AM

Same thing reached out to Meraki tech support... waiting for them revert us back with proper explanation.

HaniAbuelkhair6735
Level 3
Level 3
In response to dipenrathod1997

‎04-13-2023 08:06 AM

Please keep us updated

0 Helpful
Customers Also Viewed These Support Documents