update.nai.com McAfee Update deemed Malicious by AMP

Solved
jdavis721
Here to help

I received an alert this morning for a malicious download from update.nai.com. When I checked out the URL it came back as McAfee Update Service. My experience with McAfee is limited, so I'm not sure if this is common. The folder downloaded was content-000D001A-000219-x86_32.zip and it contained an rc.dat file. Anyone with experience in McAfee, please let me know if I should be alarmed. Thanks!

content-000D001A-000219-x86_32.zip
SHA256: 6ce0250060c8df63b71478303a09e768f1204cb5a4ca456c287dedee0b799d97
Disposition: Malicious
Type: ZIP
Size: 2945325 bytes

1 Accepted Solution
Haydn
Getting noticed

I'd check the hash against VirusTotal and the other sites like it

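The hash check Haydn recommends, as an added Python example (not code from the thread, Cisco or McAfee): it parses the AMP alert block quoted in the post, confirms that a locally obtained copy really has the reported SHA-256 and size before that hash is looked up, lists the archive's members, and builds the public VirusTotal lookup URL for the hash. The archive used below is constructed for the example and is not the real update package.

```python
import hashlib
import io
import re
import zipfile

# The alert block exactly as quoted in the post (filename, SHA-256, disposition, type, size).
AMP_ALERT = """content-000D001A-000219-x86_32.zip
SHA256: 6ce0250060c8df63b71478303a09e768f1204cb5a4ca456c287dedee0b799d97
Disposition: Malicious
Type: ZIP
Size: 2945325 bytes
"""


def parse_amp_alert(text: str) -> dict:
    """Turn the alert block into a dict: first line is the filename, the rest are key: value."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    fields = {"filename": lines[0]}
    for ln in lines[1:]:
        key, _, value = ln.partition(":")
        fields[key.strip().lower()] = value.strip()
    sha = fields["sha256"].lower()
    if not re.fullmatch(r"[0-9a-f]{64}", sha):
        raise ValueError("alert does not carry a well-formed SHA-256")
    fields["sha256"] = sha
    fields["size"] = int(fields["size"].split()[0])  # "2945325 bytes" -> 2945325
    return fields


def triage(alert: dict, data: bytes) -> dict:
    """Confirm a locally obtained copy is the object AMP flagged before pivoting on its hash."""
    local_sha = hashlib.sha256(data).hexdigest()
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        members = []  # not a ZIP at all, which already contradicts the alert's Type field
    return {
        "local_sha256": local_sha,
        "matches_alert": local_sha == alert["sha256"] and len(data) == alert["size"],
        "members": members,
        # Public VirusTotal page for a file by SHA-256; viewing it needs no API key.
        "virustotal_url": f"https://www.virustotal.com/gui/file/{alert['sha256']}",
    }


def constructed_sample_zip() -> bytes:
    """Constructed stand-in: a ZIP holding an rc.dat entry. It is NOT the real update package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rc.dat", b"constructed placeholder content")
    return buf.getvalue()
```

If `matches_alert` is false for the copy you hold, the VirusTotal verdict for the alerted hash says nothing about that copy; hash the file you actually have and look that up instead.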
4 Replies

jdavis721
Here to help

It came back clean on VirusTotal. I'm thinking this is another false positive similar to the one that happened last month with Windows Update.

Raj66
Meraki Employee

Hi @jdavis721, as @Haydn said, VirusTotal is a pretty reliable site for a double verification so far in my experience. If you are seeing no malicious activity there, it could very well be a false positive.

Cheers!
Raj

jdavis721
Here to help

You are correct. VirusTotal is great - thanks for the tip. It gave the hash a 0, so I'm assuming this was a false positive.
