Seeing on (3) of our firewalls - Threat Name - wsasme.exe

JessIT1
Getting noticed

Disposition was Unknown and has been seen 21 times

wsasme.exe

VirusTotal shows clean

ecc68b789e468e46e6ffcce76d17148018266fa20984a4f5a260533d01581b67
NordOps
Getting noticed

We're seeing a lot of these as well.

eyre-jr
Here to help

Hi Jess,

We're seeing the same (same signature)

It's a Webroot update; at the moment, I'm working off the assumption it's another false positive - but a response from Meraki would be great.

@GiacomoS would you mind asking around and maybe raising a service notice if you find something?

Cheers

BeckerIT
Here to help

That is the client executable for Webroot SecureAnywhere anti-virus. I'm also getting a lot (20 in the last hour) of these alerts. This is now the second or third time (this year) that Meraki has (apparently) considered this file to be malicious.

BeckerIT
Here to help

I just opened Case 08784225, will keep everyone updated on this.

JessIT1
Getting noticed

My notes show it was late July this year the exact same thing happened.

alemabrahao
Kind of a big deal

Maybe it can be related to this:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa85492

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Volztage
Conversationalist

+1, getting this on our clients as well. A case has been created as well: 08784533

Previous issue: https://community.meraki.com/t5/Security-SD-WAN/meraki-flagging-webroot-installer-file-as-malware-ws...

GiacomoS
Meraki Employee

Hey team,

Acking the tag (thank you @eyre-jr). I'll enquire and circle back!

Giac

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
GiacomoS
Meraki Employee

Hey again team,

We are looking into this as it may be a false positive. We have some internal teams to speak with to confirm, so please bear with us. I'm not sure how impactful it is at the moment, so I won't spin up a service notice yet.

Can anyone confirm if the file is actually blocked or if it's just being flagged?

Many thanks!

Giac


@GiacomoS

Can it be related to this?

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa85492

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I should have updated the thread - case 08784236, support responded.

The file is benign and Security Center is reporting a Retrospective Malware Detection of wsasme.exe.

So it is indeed a false positive.
