Malware download alert from equipment switched off

SOLVED
New here

Malware download alert from equipment switched off

I've been receiving hundreds of alarms, in theory due to an XBOX trying to download malware. That device is off, but I still get those alarms. 400 over the weekend... 

 

 

This is the alarm email:

26 file downloads on your network 'SM1 - appliance' were blocked in the last hour because they were determined to be malicious.

Investigate the impact here.

 

- Cisco Meraki



This email was automatically generated; please do not reply.
You can change the alert delivery settings for this network.

 

 

This is the information I get when I check it on the dashboard:

 

 

 

Xbox One

IP: 10.10.10.29
MAC: 4c:0b:be:c4:f8:5f
OS: Android

Most prevalent threats

Threat | Occurrences
W32.358D7422CC-69.SBX.VIOC | 407

I'm not sure how to troubleshoot it or what to do next. 

 

Any insights?

 

Thanks!

New here

Re: Malware download alert from equipment switched off

I'm getting the same alerts every hour since Sunday morning. 

New here

Re: Malware download alert from equipment switched off

Same for me. Since Sunday morning I've received 3249 events. 

New here

Re: Malware download alert from equipment switched off

Same problem here.

Kind of a big deal

Re: Malware download alert from equipment switched off

Sounds like a false positive.

Meraki Employee

Re: Malware download alert from equipment switched off

It seems that the Cisco AMP engine has categorized that file as malicious. If you think that's not the case, it's highly recommended that you reach out to Meraki Support with all the relevant information so they can work it out internally. This way we can make sure that the file is categorized correctly.  

 

For the Xbox trying to download while it is off, it's probably some sort of sleep setting on the device.

Comes here often

Re: Malware download alert from equipment switched off

Same here. VirusTotal lookup for the SHA256 value of the download comes up as file not found. The only search hit for W32.358D7422CC-69.SBX.VIOC is this thread.

I opened a support case as recommended.

Meraki Employee

Re: Malware download alert from equipment switched off

Further on this one, it seems that the file disposition has been fixed and is being categorized correctly now. 
