
W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

SOLVED
Here to help

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Yes, also seeing Adobe file being reported here.

2 Different Files:

eutl12.acrobatsecuritysettings (SHA256: 7b512b45b6903b562e7f52b04a7715c05f0bb0cfc42438d6f1f2cdbb32124ac6)

eutl11.acrobatsecuritysettings (SHA256: 3ed06a6ff00c0015e85609f509b11c3cdf0ab9991d74b1d44daab7c264fd99d9)

No hits for these on VirusTotal, coming from an Akamai server with an Adobe URL, so I'm pretty confident this is a false positive as well.

My feedback from support was that Engineering was aware of the issue, and I would get an update when it was resolved. I've not gotten an update yet and am still seeing blocks for the original Microsoft file. So it seems like the original issue is still ongoing.

I've whitelisted the SHA256 in AMP in most of my sites, and that clears up the alert issue.

Here to help

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

I'm getting slammed with alerts as well. Opened a support case with Meraki, and it appears to be a false positive.

Conversationalist

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Got this too last night. Good to know that it was a false positive.

Conversationalist

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

@calebbaker @SEC_ST

I spoke to Meraki support regarding eutl12.acrobatsecuritysettings (SHA256: 7b512b45b6903b562e7f52b04a7715c05f0bb0cfc42438d6f1f2cdbb32124ac6) and they advised this is also a false positive - most likely due to outdated MX software. Check your MX version and see what you find there.

Here to help

Re: W32.779C90C974-100.SBX.TG / ArchiveFile - Disposition Changed

Um... well... we're on 15.14. Although 15.15 is out, 15.14 is still pretty darn new!

Thanks for the update either way... I'll ignore the Adobe stuff from last night.