Hi Jess,

We're seeing the same (same signature)

It's a Webroot update; at the moment, I'm working off the assumption it's another false positive - but a response from Meraki would be great.

@GiacomoS would you mind asking around and maybe raising a service notice if you find something.

Cheers

That is the client excutable for webroot secureanywhere anti-virus. I'm also getting alot (20 in the last hour) of these alerts. This is now the second or third time (this year) that meraki has (apparently) considered this file to be malious. 

I just opened Case 08784225, will keep everyone updated on this.

My notes show it was late July this year the exact same thing happened.

Maybe It can be related to this:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa85492

+1, getting this on our clients as well. A case created as well: 

08784533

Previous issue: https://community.meraki.com/t5/Security-SD-WAN/meraki-flagging-webroot-installer-file-as-malware-ws...

Hey team,

Acking the tag (thank you @eyre-jr ). I'll enquire and circle back!

Giac

Hey again team,

We are looking into this as it may be a false positive. We have some internal teams to speak with to confirm, so please bear with us. I'm not sure how impactful it is at the moment, so I won't spin up a service notice yet.

Can anyone confirm if the file is actually blocked or if it's just being flagged? 

Many thanks!

Giac