Any Webroot users out there seeing issues with AMP?
We've received new information from the Advanced Malware Protection (AMP) cloud about 1 file downloaded on your
The following files were determined to be malicious in retrospect:
File Hash:
54fd619d136646c014ca6e270e4a483dce033894c918a462b5a0352290ce95db (link)
Download Info:
The AMP alert shows a wsasme.exe file on webroot's site.
I opened a case to see if its a false positive but we've had a few customers that got flagged around the same time.
Solved! Go to solution.
I just received an update on the case we had open with Meraki from the support engineer:
I have looked into this more, and it looks like that hash file is being flagged as malicious by Talos Intelligence, and we have already opened tickets with them to change the reputation. Also note, that we can confirm this is a false positive as WebRoot and VirusTotal have also confirmed the file is not malicious.
We are experiencing the same thing.
seems to be a good hash file
Thanks for the feedback. Some of the webroot documentation seems to point to that URL so I think it's just an AMP update that flagged the files disposition as malicious or maybe it didn't like that the computers were trying to run executables from a website.
We have received the same from our customers. Is this really safe?
Same here, all of our MX's threw alerts yesterday regarding this file and I have seen no other posts on it other than this one. I also opened a Meraki case however they were less than helpful responding "Occasionally the MX appliance may block a file or URL that is deemed safe by the administrator. In that case, you can tell MX to allow the download of the content or web page by allowing the content."
We are treating it as a false positive at our org.
We are getting the same issue here.
I just received an update on the case we had open with Meraki from the support engineer:
I have looked into this more, and it looks like that hash file is being flagged as malicious by Talos Intelligence, and we have already opened tickets with them to change the reputation. Also note, that we can confirm this is a false positive as WebRoot and VirusTotal have also confirmed the file is not malicious.