Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

meraki flagging webroot installer file as malware (wsasme.exe)

waylon1981
New here
‎Jul 26 2022 1:42 PM
‎Jul 26 2022 1:42 PM

meraki flagging webroot installer file as malware (wsasme.exe)

Just saw alerts pop up reporting a malicious file was downloaded (wsasme.exe). It looks to be an automatic update for the Webroot av. virus scans on those machines reported no issues and they aren't acting strange. This appeared to be a false positive - anyone else experiencing this?

Subscribe
7 Replies 7
NordOps
Getting noticed
‎Jul 26 2022 1:54 PM
‎Jul 26 2022 1:54 PM

We're seeing the same thing on multiple networks, I started a case with Meraki support and also started a post.  I am not sure if there is a way to Merge them.

 

https://community.meraki.com/t5/Security-SD-WAN/Webroot-AMP/m-p/155472#M39074

Subscribe
JRMM
New here
‎Jul 26 2022 2:04 PM
‎Jul 26 2022 2:04 PM

We are having the same issues.  Looks to be a good hash but I'm waiting to take action till I get more info.

 

https://www.virustotal.com/gui/file/54fd619d136646c014ca6e270e4a483dce033894c918a462b5a0352290ce95db...

 

Subscribe
DrewAustin
New here
‎Jul 27 2022 5:50 AM
‎Jul 27 2022 5:50 AM

We're seeing the same.

0 Kudos
Subscribe
BeckerIT
Here to help
‎Jul 27 2022 5:56 AM
‎Jul 27 2022 5:56 AM

If it helps anyone, I just hashed the file, (locally on a Windows 11 VM), and it came back with the same hash as virustotal.  I then downloaded on a separate machine, hashed that file and that hash also matched.

0 Kudos
Subscribe
In response to BeckerIT
waylon1981
New here
‎Jul 27 2022 6:40 AM
‎Jul 27 2022 6:40 AM

Do you mean the hash came back as expected and you don't consider it a threat? 

0 Kudos
Subscribe
In response to waylon1981
BeckerIT
Here to help
‎Jul 27 2022 6:47 AM
‎Jul 27 2022 6:47 AM

In my case, NO I do not consider it a threat, as we are running webroot and I also verified with our RMM provider (whom we get the license from) has been pushing out updates this week.

0 Kudos
Subscribe
JessIT1
Getting noticed
‎Jul 27 2022 9:10 AM
‎Jul 27 2022 9:10 AM

We had same alert on our MX firewalls

wsasme.exe

SHA25654fd619d136646c014ca6e270e4a483dce033894c918a462b5a0352290ce95db
 
Disposition - Malicious | Type - MS_EXE | Size - 5657272 bytes

 

Ticket I had open with Meraki, response this morning:

 

Thanks for your response. Yes, I can confirm that you can trust Webroot and wsasme.exe is not a malicious file. Please ignore the alert, and I will close the ticket at this time.

Thank you,

Kunal Konduru
Cisco Meraki Technical Support

 

Webroot Support response yesterday:

 

The reason that Joe Sandbox lists for their "Suspicious" file determination (hooking functions) is normal for an Antivirus program. Cisco appears to be marking wsasme.exe as a threat for the same reason, however only Cisco support would be able to confirm this. If you have any further questions about this false positive, we recommend reaching out to Cisco support.

 

Regards,

The Webroot Advanced Malware Removal Team

 

 

This is a legitimate Webroot file. Please reach out to Cisco support for further assistance with this false positive.

 

Regards,

The Webroot Advanced Malware Removal Team

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.