Meraki

Community

AMP : disposition "malicious" allowed

Solved
DBeiner
Conversationalist
‎Sep 7 2022 4:35 AM
‎Sep 7 2022 4:35 AM

AMP : disposition "malicious" allowed

Hello community,

 

My Meraki Security Dashboard inform me that a malware was downloaded on my network.

 

I can't find any informations about this file. Can you please tell me more ? And why a malicious file was allowed by my MX device ?

 

DBeiner_0-1662550488272.png

 

Thank you for your help and best regards,

 

David

0 Kudos
1 Accepted Solution
DBeiner
Conversationalist
‎Sep 7 2022 5:26 AM
‎Sep 7 2022 5:26 AM

Please follow this topic : Advanced Malware Protection (AMP) retrospect alert - The Meraki Community

View solution in original post

0 Kudos
4 Replies 4
Shigella
Conversationalist
‎Sep 7 2022 5:12 AM
‎Sep 7 2022 5:12 AM

Interesting.  Under your IDS settings, are you set for Prevention or just Detection?

 

I have the same alerts, but mine are showing as Blocked.

0 Kudos
DBeiner
Conversationalist
‎Sep 7 2022 5:13 AM
‎Sep 7 2022 5:13 AM

After performing several tests, this problem occurs when updating MS Office.

 

Apparently Meraki's AMP service identifies files as malicious (false positive) :

 

DBeiner_0-1662552792993.png

 

0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Sep 7 2022 5:19 AM
‎Sep 7 2022 5:19 AM

Meraki is aware of the issue and are investigating.

It's believed to be a false positive caused by an O365 update.

https://community.meraki.com/t5/Security-SD-WAN/Advanced-Malware-Protection-AMP-retrospect-alert/m-p...

0 Kudos
DBeiner
Conversationalist
‎Sep 7 2022 5:26 AM
‎Sep 7 2022 5:26 AM

Please follow this topic : Advanced Malware Protection (AMP) retrospect alert - The Meraki Community

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.