@BrechtSchamp Can you run the m_agent_upgrade.msi and see if the hash changes on the file 

screenshot-cmd.exe?  

My hash is d013700ee02f7461d2e669d84164f97f6e27b032ae60d4b6b1d03c71d558dc8f and it is also alerting as a virus (Trojan Bobik) by Carbon Black.

For me that's not a .msi file. It's a .exe. I tried running it but it fails. "screenshot-cmd.exe" hash unchanged after the failed run.

My Meraki updates the file MerakiPCCAgent.msi on the windows clients, then once the file runs it launches m_agent_upgrade.msi which in turn upgraded or installed a different version of 

screenshot-cmd.exe which is when it gets flagged as Trojan Bobik.

Seems like the behavior here is different then. Perhaps support can help out? Maybe your shard is already running a different version of Systems Manager. I'm on shard n248...

Thanks, will update this page if I find anything out

Any updates on this? We too are seeing it flagged.

I haven't been able to find out anything else thus far. I have blacklist the screenshot-cmd.exe until I do. The blacklisting of the file hasn't really affected our ability to manage our endpoints via the MDM.

It's probably just used for this feature:

We have the same issue. Using Carbon Black. We deleted the file screenshot-cmd.exe located in PCC Agent 3.0.2. We contacted Meraki support and they are aware of this issue.

We have discovered that the file works without any issues when processing a screenshot req if we copy an old version of screenshot-cmd.exe to the  PCC Agent 3.0.2 folder. I hope this info helps. 

That's the "beauty" of modern, machine learning Anti-Malware solutions. They're simply reacting to some kind of possible "abnormal" behaviour that processes present. Delivering pictures - especially in the background to some kind of external systems is phishy at last...depending on how you're looking at it.