
update.nai.com McAfee Update deemed Malicious by AMP

SOLVED
Here to help

I received an alert this morning for a malicious download from update.nai.com. When I checked out the URL it came back as McAfee Update Service. My experience with McAfee is limited, so I'm not sure if this is common. The folder downloaded was content-000D001A-000219-x86_32.zip and it contained a rc.dat file. Anyone with experience in McAfee, please let me know if I should be alarmed. Thanks!

content-000D001A-000219-x86_32.zip

SHA256: 6ce0250060c8df63b71478303a09e768f1204cb5a4ca456c287dedee0b799d97
Disposition: Malicious
Type: ZIP
Size: 2945325 bytes

Accepted Solutions
Getting noticed

Re: update.nai.com McAfee Update deemed Malicious by AMP

I'd check the hash against VirusTotal and the other sites like it

4 REPLIES
Here to help

Re: update.nai.com McAfee Update deemed Malicious by AMP

It came back clean on VirusTotal. I'm thinking this is another false positive similar to the one that happened last month with Windows Update.
Meraki Employee

Re: update.nai.com McAfee Update deemed Malicious by AMP

Hi @jdavis721, as @Haydn said, VirusTotal is a pretty reliable site for a double verification so far in my experience. If you are seeing no malicious activity in there, it could very well be a false positive.

Cheers!

Raj

Here to help

Re: update.nai.com McAfee Update deemed Malicious by AMP

You are correct. VirusTotal is great. Thanks for the tip; it gave the hash a 0, so I'm assuming this was a false positive.
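
One way to script the check discussed in this thread, as an added example (not code from any poster, Cisco Meraki, McAfee or VirusTotal): it confirms that a local copy is the exact file named in the alert, then classifies a VirusTotal API v3 file report. The function names and the three sample reports are constructed for illustration; the alert fields are the ones from the original post.

```python
import hashlib
import re

# Alert fields as shown in the original post.
ALERT = """\
SHA256: 6ce0250060c8df63b71478303a09e768f1204cb5a4ca456c287dedee0b799d97
Disposition: Malicious
Type: ZIP
Size: 2945325 bytes"""

# Constructed samples shaped like VirusTotal API v3 /files/{hash} responses.
VT_NOT_FOUND = {"error": {"code": "NotFoundError", "message": "not found"}}
VT_NO_HITS = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 0, "suspicious": 0, "undetected": 58, "harmless": 0}}}}
VT_HITS = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 7, "suspicious": 1, "undetected": 50, "harmless": 0}}}}


def parse_alert(text):
    """Turn the 'Key: value' lines of the alert into a dict."""
    f = dict(re.findall(r"^(\w+):\s*(\S+)", text, re.MULTILINE))
    return {"sha256": f["SHA256"].lower(), "size": int(f["Size"]),
            "type": f["Type"], "disposition": f["Disposition"]}


def same_file(data, alert):
    """True only if these bytes are the exact object the alert names."""
    return (len(data) == alert["size"]
            and hashlib.sha256(data).hexdigest() == alert["sha256"])


def vt_verdict(report):
    """Classify a parsed VirusTotal v3 file report for triage."""
    if "error" in report:        # hash never submitted: no data, not "clean"
        return "unknown"
    stats = report["data"]["attributes"]["last_analysis_stats"]
    if stats.get("malicious", 0) or stats.get("suspicious", 0):
        return "flagged"
    scanned = stats.get("undetected", 0) + stats.get("harmless", 0)
    return "no-detections" if scanned else "unknown"


if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(alert["sha256"], alert["size"])
    for name, rep in [("not found", VT_NOT_FOUND), ("no hits", VT_NO_HITS),
                      ("hits", VT_HITS)]:
        print(name, "->", vt_verdict(rep))
```

A "no-detections" result says only that the engines in the report did not flag this hash; "unknown" means the lookup returned nothing to base a verdict on.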
