
W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

SOLVED
Comes here often

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

@Raj66 updated my ticket. I am sure the support guy Indy Cao is thrilled to see it still happening. 

Conversationalist

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

We're getting these as well on our FTD VPN FWs with AMP

<*- Network Based Malware From "VPN-FTD01" at Mon Aug  5 20:31:33 2019 UTC -*>

Sha256: 7b512b45b6903b562e7f52b04a7715c05f0bb0cfc42438d6f1f2cdbb32124ac6 Disposition: Malware Threat name: W32.7B512B45B6-100.SBX.TG IP Addresses: x.x.x.x<-23.204.228.68

However, Talos shows it as clean...

New here

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Is there a report available detailing this issue and what has been put in place to prevent this from happening again? Looking for something to send out to our clients detailing this false positive.

Comes here often

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

@Josh214 It is rather unlikely there is a report yet. Despite the thread indicating it is "solved", I still have 2 open cases with support.

Conversationalist

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

In my case this was partly due to a setting (my issue was with AMP on ASA firewalls, but it is a similar database): in the management console for the file policy, you can tell it to override Talos's disposition based on the ThreatGrid score. TAC said that because of the way the update file works, it is capable of being malicious, so it gets a very high threat score. In our case, we had told our appliances to mark a file as malware if the threat score was Very High. Not sure if this is relatable to you guys, but I wanted to mention it.

New here

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Heads up, just got a blockage for another update.

W32.B8E3DD9E82-95.SBX.TG

New here

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Heads up, we just got a blockage for another update.

W32.B8E3DD9E82-95.SBX.TG