Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About Barakaki

Re: MX Malware Blocking

by in Security & SD-WAN
‎Apr 13 2023 8:48 AM
1 Kudo
‎Apr 13 2023 8:48 AM
1 Kudo
This is not new believe it or not.  These windows updates have been reported months ago to Meraki. I have an open ticket from months ago trying to figure this out.  Meraki on the backend is reporting these as malware, but it wasnt being reported to the dashboard and/or email alerts.  Something changed today and now its actually reporting so I might finally have some resolution to my open ticket.   How I discovered the problem is that I enabled syslog logging and sent all my logs to papertrail.  I then setup an alert on when malware was downloaded and I kept getting these alerts in papertrail.  Heres the original ticket.        There was never a resolution, meraki support could not help and they said their backend team was involved with the case.  I was never able to forcibly recreate the issue, so they were never able to resolve it.  This was happening across many clients with the same error/issue.   Heres a sample from 2 days ago from my papertrail app that went unreported to the dashboard and/or email alert.   Apr 11 10:20:04 98.151.25.111 logger <134>1 1681244404.194824387 Firewall security_event security_filtering_file_scanned url=http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ade20ec6-c563-480b-ad73-40580d...?P1=1681245007&amp;P2=404&amp;P3=2&amp;P4=X4AhVcAJt9jaRV%2fQCoOfA68Y3tgXZY4Hhvr8JWM6pe5%2fEIEDZAOWhdj0CK60cr4uGAgFEfe0%2b5r5q7kjJ%2foh3w%3d%3d src=192.168.1.192:54486 dst=209.197.3.8:80 mac=30:D1:6B:F1:7E:E7 name='' sha256=fc46caae796a5bfe5eb2a814d8f97fc91e6f710f68ca00832ccd7171fb550151 disposition=malicious action=block   I think my issue might finally get resolved now that its reporting to the dashboard and/or email alerts and its widespread. ... View more

Re: MX Malware Blocking

by in Security & SD-WAN
‎Apr 13 2023 8:48 AM
‎Apr 13 2023 8:48 AM
Where did my post go? ... View more

Re: MX Malware Blocking

by in Security & SD-WAN
‎Apr 13 2023 8:38 AM
‎Apr 13 2023 8:38 AM
This is not new believe it or not.  These windows updates have been reported months ago to Meraki. I have an open ticket from months ago trying to figure this out.  Meraki on the backend is reporting these as malware, but it wasnt being reported to the dashboard and/or email alerts.  Something changed today and now its actually reporting so I might finally have some resolution to my open ticket.   How I discovered the problem is that I enabled syslog logging and sent all my logs to papertrail.  I then setup an alert on when malware was downloaded and I kept getting these alerts in papertrail.  Heres the original ticket.      There was never a resolution, meraki support could not help and they said their backend team was involved with the case.  I was never able to forcibly recreate the issue, so they were never able to resolve it.  This was happening across many clients with the same error/issue.   Heres a sample from 2 days ago from my papertrail app that went unreported to the dashboard and/or email alert.   Apr 11 10:20:04 98.151.19.171 logger <134>1 1681244404.194824387 OLGC_Firewall security_event security_filtering_file_scanned url=http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ade20ec6-c563-480b-ad73-40580d3f2b72?P1=1681245007&amp;P2=404&amp;P3=2&amp;P4=X4AhVcAJt9jaRV%2fQCoOfA68Y3tgXZY4Hhvr8JWM6pe5%2fEIEDZAOWhdj0CK60cr4uGAgFEfe0%2b5r5q7kjJ%2foh3w%3d%3d src=192.168.1.192:54486 dst=209.197.3.8:80 mac=30:D1:6B:F1:7E:E7 name='' sha256=fc46caae796a5bfe5eb2a814d8f97fc91e6f710f68ca00832ccd7171fb550151 disposition=malicious action=block   I think my issue might finally get resolved now that its reporting to the dashboard and/or email alerts and its widespread. ... View more
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.