cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2nd Malware Detected - i640.c2rx

SOLVED
Go to solution
Martyrob
New here
‎04-13-2023 10:01 AM
‎04-13-2023 10:01 AM

2nd Malware Detected - i640.c2rx

So I got the AMP alert earlier that has been deemed False Positive but I don't see a thread regarding the one I just received for i640.c2rx

http://b.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16227.20258/i640.c2rx 

 

Has anyone else seen this one as well and do we know if it's also a false positive?

Subscribe
1 ACCEPTED SOLUTION
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎04-13-2023 12:32 PM
‎04-13-2023 12:32 PM

Meraki have reported an issue with windows update traffic this morning.

 

https://status.meraki.net/incidents/66pj1lx1m4vs

 

 

btr.net.nz

View solution in original post

Subscribe
7 REPLIES 7
triad
New here
‎04-13-2023 10:03 AM
‎04-13-2023 10:03 AM

I just got this AMP alert as well - 11:55 CST. No info on if false positive as of yet.

0 Kudos
Subscribe
Martyrob
New here
‎04-13-2023 10:05 AM
‎04-13-2023 10:05 AM

When I did a search looks like this was a false positive last Sept. But you know probably better safe than sorry to see if Meraki can confirm.

0 Kudos
Subscribe
StevePF
Getting noticed
‎04-13-2023 10:08 AM
‎04-13-2023 10:08 AM

I am still waiting for a reply from the Meraki Case I opened.

But it looks like a false positive according to virustotal.com.  Perhaps a windows patch that is not properly classified? 

 

 

 

StevePF_0-1681405533879.png

 

Subscribe
Jameson
Here to help
‎04-13-2023 10:13 AM
‎04-13-2023 10:13 AM

We are in the "Mee too" Category! Thanks for starting a seperate thread.

Source Location: b.c2r.ts.cdn.office.net

File: i640.c2rx (W32.7B9E2002CA.RET.SBX.TG)

SHA256: 7b9e2002cacef4817353464f9845e294845daef8b28adeab55e76b3c8278ff18

First notification was received: 4/13/2023 11:04 AM Eastern

Subscribe
In response to Jameson
Jameson
Here to help
‎04-13-2023 10:16 AM
‎04-13-2023 10:16 AM

We have seen this filename before ( i640.c2rx on 9/7/2022) but the SHA256 hash that we are getting back is different this time. Also, when I search VirusTotal for the SHA256 hash, it doesn't find anything.

When I download the file from the URL that is blocked by the FW, that file has a different SHA256 hash that is in VirusTotal. I'm not sure what is going on

Subscribe
In response to Jameson
Jameson
Here to help
‎04-13-2023 12:54 PM
‎04-13-2023 12:54 PM

Following up... This file is now marked as "clean" for me and is no longer appearing in the dashboard alerts. I believe this has been "resolved"

Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎04-13-2023 12:32 PM
‎04-13-2023 12:32 PM

Meraki have reported an issue with windows update traffic this morning.

 

https://status.meraki.net/incidents/66pj1lx1m4vs

 

 

btr.net.nz
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki