"Malware download detected" - New Apple Update

SOLVED
fiftycal45
New here

"Malware download detected" - New Apple Update

Is anyone else experiencing MX IPS alerts- "malware downloaded detected" for the new Apple update

  
1 ACCEPTED SOLUTION
Meraki-MX
Meraki Employee
Meraki Employee

Hello,

 

We apologize for the inconvenience.

 

The AMP Research and Efficacy Team (RET) are aware and currently investigating the issue. The immediate issue should be fixed now. The current hash is marked clean.

 

Thank you.

View solution in original post

6 REPLIES 6
CamG
Here to help

Yeah, received two this morning. Alert didn't really clue me into where it was coming from. IP addresses of two of our access points.

Qasim
Conversationalist

I have recieved atleast 5 alerts today

 

 

 

usnyc3-vip-bx-004.aaplimg.com17.253.15.204 United States 2
usnyc3-vip-bx-002.aaplimg.com17.253.15.202 United States 1
usnyc3-vip-bx-006.aaplimg.com17.253.15.206 United States 1
usewr1-vip-bx-002.aaplimg.com17.253.97.202 United States 1
8.250.89.254 United States 1
 
 
 
 
W32.42D7434E10-95.SBX.TG 3
86ea5441393e1f0b96656bb5ad56364b308b7ca6.zip 2

 

 

DarrenOC
Kind of a big deal
Kind of a big deal

Literally just received one.  I guess we don’t need to go hunt the client down as I assume this is a false positive 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Just received reply from Cisco Rep

 

Yes, we have been reported that by our client its is Apple's new software update that is causing this alerts it is a false alarm. These alerts are been generated on devices that are on iOS 14.2

JFagin
Comes here often

Thanks for this update I got about 30 of these alerts at one time from most of my sites.   I will just delete them and keep it moving.

Meraki-MX
Meraki Employee
Meraki Employee

Hello,

 

We apologize for the inconvenience.

 

The AMP Research and Efficacy Team (RET) are aware and currently investigating the issue. The immediate issue should be fixed now. The current hash is marked clean.

 

Thank you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels