Malware download alert from equipment switched off

Solved
HernanP
New here

Malware download alert from equipment switched off

I've been receiving hundreds of alarms, in theory due to an XBOX trying to download malware. That device is off, but I still get those alarms. 400 over the weekend... 

 

 

This is the alarm email:

26 file downloads on your network 'SM1 - appliance' were blocked in the last hour because they were determined to be malicious.

Investigate the impact here.

 

- Cisco Meraki



This email was automatically generated; please do not reply.
You can change the alert delivery settings for this network.

 

 

This is the information I get when I check it on the dashboard:

 

 

 

Xbox One

 

IP10.10.10.29
MAC4c:0b:be:c4:f8:5f
OSAndroid

 

 

 

 

Most prevalent threats

Threat Occurrences
W32.358D7422CC-69.SBX.VIOC407

 

 

 

I'm not sure how to troubleshoot it or what to do next. 

 

Any insights?

 

Thanks!

1 Accepted Solution
pratikvyas
Meraki Employee
Meraki Employee

Further on this one, it seems that the file disposition has been fixed and is being categorized correctly now. 

View solution in original post

7 Replies 7
greglarson2
New here

I'm getting the same alerts every hour since Sunday morning. 

mhurst20
New here

Same for me. Since Sunday morning I've received 3249 events. 

BrianNLR
New here

Same problem here.

PhilipDAth
Kind of a big deal
Kind of a big deal

Sounds like a false positive.

pratikvyas
Meraki Employee
Meraki Employee

It seems that the Cisco AMP engine has categorized that file as malicious. If you think that's not the case, it's highly recommended that you reach out to Meraki Support with all the relevant information so they can work it out internally. This way we can make sure that the file is categorized correctly.  

 

For the Xbox trying to download while it is off, it's probably some sort of sleep setting on the device.

pratikvyas
Meraki Employee
Meraki Employee

Further on this one, it seems that the file disposition has been fixed and is being categorized correctly now. 

taugust04
Comes here often

Same here.  Virus Total lookup for the SHA256 value of the download comes up as file not found.  The only search hit for W32.358D7422CC-69.SBX.VIOC is this thread.

I opened a support case as recommended.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels