Meraki

Community

Malware download alert from equipment switched off

Solved
HernanP
New here
‎Aug 17 2020 8:56 AM
‎Aug 17 2020 8:56 AM

Malware download alert from equipment switched off

I've been receiving hundreds of alarms, in theory due to an XBOX trying to download malware. That device is off, but I still get those alarms. 400 over the weekend... 

 

 

This is the alarm email:

26 file downloads on your network 'SM1 - appliance' were blocked in the last hour because they were determined to be malicious.

Investigate the impact here.

 

- Cisco Meraki



This email was automatically generated; please do not reply.
You can change the alert delivery settings for this network.

 

 

This is the information I get when I check it on the dashboard:

 

 

 

Xbox One

 

IP10.10.10.29
MAC4c:0b:be:c4:f8:5f
OSAndroid

 

 

 

 

Most prevalent threats

Threat Occurrences
W32.358D7422CC-69.SBX.VIOC407

 

 

 

I'm not sure how to troubleshoot it or what to do next. 

 

Any insights?

 

Thanks!

0 Kudos
1 Accepted Solution
In response to pratikvyas
pratikvyas
Meraki Employee
Meraki Employee
‎Aug 27 2020 4:13 PM
‎Aug 27 2020 4:13 PM

Further on this one, it seems that the file disposition has been fixed and is being categorized correctly now. 

View solution in original post

7 Replies 7
greglarson2
New here
‎Aug 17 2020 9:46 AM
‎Aug 17 2020 9:46 AM

I'm getting the same alerts every hour since Sunday morning. 

0 Kudos
In response to greglarson2
mhurst20
New here
‎Aug 17 2020 11:23 AM
‎Aug 17 2020 11:23 AM

Same for me. Since Sunday morning I've received 3249 events. 

0 Kudos
BrianNLR
New here
‎Aug 17 2020 12:18 PM
‎Aug 17 2020 12:18 PM

Same problem here.

0 Kudos
In response to BrianNLR
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 17 2020 1:40 PM
‎Aug 17 2020 1:40 PM

Sounds like a false positive.

0 Kudos
pratikvyas
Meraki Employee
Meraki Employee
‎Aug 17 2020 8:55 PM
‎Aug 17 2020 8:55 PM

It seems that the Cisco AMP engine has categorized that file as malicious. If you think that's not the case, it's highly recommended that you reach out to Meraki Support with all the relevant information so they can work it out internally. This way we can make sure that the file is categorized correctly.  

 

For the Xbox trying to download while it is off, it's probably some sort of sleep setting on the device.

0 Kudos
In response to pratikvyas
pratikvyas
Meraki Employee
Meraki Employee
‎Aug 27 2020 4:13 PM
‎Aug 27 2020 4:13 PM

Further on this one, it seems that the file disposition has been fixed and is being categorized correctly now. 

taugust04
Comes here often
‎Aug 20 2020 9:45 AM
‎Aug 20 2020 9:45 AM

Same here.  Virus Total lookup for the SHA256 value of the download comes up as file not found.  The only search hit for W32.358D7422CC-69.SBX.VIOC is this thread.

I opened a support case as recommended.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.