update.nai.com McAfee Update deemed Malicious by AMP

SOLVED
jdavis721
Here to help

update.nai.com McAfee Update deemed Malicious by AMP

I received an alert this morning for a malicious download from update.nai.com . When I checked out the URL it came back as McAfee Update Service. My experience with McAfee is limited, so I'm not sure if this is common. The folder downloaded was content-000D001A-000219-x86_32.zip  and it contained a rc.dat file. Anyone with experience in McAfee please let me know if I should be alarmed, Thanks!

 

 

content-000D001A-000219-x86_32.zip

 

SHA256:       6ce0250060c8df63b71478303a09e768f1204cb5a4ca456c287dedee0b799d97
Disposition:   Malicious
Type:             ZIP
Size:             2945325 bytes
1 ACCEPTED SOLUTION
Haydn
Getting noticed

I'd check the hash against VirusTotal and the other sites like it

View solution in original post

4 REPLIES 4
Haydn
Getting noticed

I'd check the hash against VirusTotal and the other sites like it

It came back clean on VirusTotal. I'm thinking this is another false positive similar to the one that happened last month with Windows Update.
Raj66
Meraki Employee
Meraki Employee

Hi @jdavis721, as @Haydn told, Virus total is a pretty reliable site for a double verification so far in my experience. If you are seeing no malicious activity in there, It could very well be a false positive. 

 

Cheers!

 

Raj

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it

You are correct. VirusTotal is great - thanks for the tip it gave the hash a 0 so I'm assuming this was a false positive. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels