AMP : disposition "malicious" allowed

SOLVED
DBeiner
Conversationalist


Hello community,

My Meraki Security Dashboard informs me that a malware was downloaded on my network.

I can't find any information about this file. Can you please tell me more? And why was a malicious file allowed by my MX device?

DBeiner_0-1662550488272.png

Thank you for your help and best regards,

David

Shigella
Conversationalist

Interesting. Under your IDS settings, are you set for Prevention or just Detection?

I have the same alerts, but mine are showing as Blocked.

DBeiner
Conversationalist

After performing several tests, this problem occurs when updating MS Office.

Apparently Meraki's AMP service identifies files as malicious (false positive):

DBeiner_0-1662552792993.png

Brash
Kind of a big deal

Meraki is aware of the issue and is investigating.

It's believed to be a false positive caused by an O365 update.

https://community.meraki.com/t5/Security-SD-WAN/Advanced-Malware-Protection-AMP-retrospect-alert/m-p...
