Cisco Bug: CSCvi84426 - Certain malicious file/archive not being detected by AMP
Apr 26, 2018
- Cisco AMP for Endpoints
Known Affected Releases
Symptom: The issue concerns a specific file/archive (PO.z) with SHA-256 078edc1aa1faa45a0b26be25ff65f6aca6644af7f221c19f207a01e133c2806b, a hash that is marked Malicious in the AMP Cloud. Windows detects the file and calculates its SHA-256 correctly (verified on Windows 7), yet the AMP Connector appears to ignore it. The file is just a 7z archive; if you extract it, you do get a detection, but it is for a different file (SHA-256: 2d21dafcc25a251884a29c07c81e222a19875db266448c4c3339905cce3404d9), which is also malicious.
Conditions: AMP4E WinConnector.