I've been receiving hundreds of alarms, in theory due to an XBOX trying to download malware. That device is off, but I still get those alarms. 400 over the weekend...
This is the alarm email:
26 file downloads on your network 'SM1 - appliance' were blocked in the last hour because they were determined to be malicious.
Investigate the impact here.
- Cisco Meraki
This email was automatically generated; please do not reply.
You can change the alert delivery settings for this network.
This is the information I get when I check it on the dashboard:
I'm not sure how to troubleshoot it or what to do next.
It seems that the Cisco AMP engine has categorized that file as malicious. If you think that's not the case, it's highly recommended that you reach out to Meraki Support with all the relevant information so they can work it out internally. This way we can make sure that the file is categorized correctly.
For the Xbox trying to download while it is off, it's probably some sort of sleep setting on the device.
Same here. VirusTotal lookup for the SHA256 value of the download comes up as file not found. The only search hit for W32.358D7422CC-69.SBX.VIOC is this thread.
I opened a support case as recommended.