Malicious File Detected

Solved
Kelkar

Hello,

I have detected a file that was flagged by our Cisco Endpoint protection.

File Name: Get-NewLocalAdmin.ps1
Detection: W32.CFAB3E3BCA-95.SBX.TG
SHA 256: cfab3e3bca1517a535358cef7b206c65abb02470495ac929ca7b3ee0cfe3fab8

It looks like it spread across a lot of our computers and servers, but it was denied. I have put it under the blocked application list.

I also found another file called "Set-LocalAdmin.ps1".

They were created in the ProgramData folder, and the folder was called _Automation.

I would like any advice if possible!

[Attachment: File Detected.png]
[Attachment: Location of File on End User.png]
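The quickest check on findings like the ones above is to confirm, on each host, whether the scripts in ProgramData\_Automation really match the flagged hash and which account created them; that is often enough to tell an intrusion from an administrator's own automation. This is an added example, not code from the thread or from Cisco; the hash, file names and folder are the values quoted in the post, and the variable names and output columns are assumptions of the example:

```powershell
# Added triage example (not from the original thread). Hash, file names and the
# ProgramData\_Automation folder are the values quoted in the post; everything
# else (variable names, output columns) is an assumption of this example.
$KnownBadSha256 = 'cfab3e3bca1517a535358cef7b206c65abb02470495ac929ca7b3ee0cfe3fab8'
$SuspectNames   = @('Get-NewLocalAdmin.ps1', 'Set-LocalAdmin.ps1')
$SearchRoot     = Join-Path $env:ProgramData '_Automation'

if (-not (Test-Path -LiteralPath $SearchRoot)) {
    Write-Output "$($env:COMPUTERNAME): $SearchRoot not present"
    return
}

# Hash every .ps1 under the folder, not only the two known names, so renamed copies show up too.
Get-ChildItem -LiteralPath $SearchRoot -Filter '*.ps1' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Path       = $_.FullName
            NameMatch  = ($SuspectNames -contains $_.Name)
            HashMatch  = ($hash -eq $KnownBadSha256)                     # exact match to the flagged sample
            SHA256     = $hash
            CreatedUtc = $_.CreationTimeUtc
            Owner      = (Get-Acl -LiteralPath $_.FullName).Owner          # account that dropped the file
            Signature  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    } | Format-Table -AutoSize
```

Run it against the affected hosts with Invoke-Command to get one table for the whole estate; the same Owner and creation time on every machine points to a management tool pushing the script rather than self-propagation.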

1 Accepted Solution
alemabrahao

Have more than one layer of protection, like a good antivirus for example.

Relying solely on the firewall does not guarantee good protection, nor does having a good antivirus.

The best thing you can do is “educate” users, create anti-phishing campaigns, etc.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

2 Replies

Hello,

Thank you for the feedback. It turns out the issue was from our MSP running a script without notifying me 😑

Sorry for the trouble!
