Cisco Bug: CSCvi84426 - Certain malicious file/archive not being detected by AMP

Last Modified

Apr 26, 2018

Products (1)

  • Cisco AMP for Endpoints

Known Affected Releases

n/a

Description (partial)

Symptom:
The issue concerns a specific file/archive (PO.z) with sha256 078edc1aa1faa45a0b26be25ff65f6aca6644af7f221c19f207a01e133c2806b, which is marked Malicious in the AMP Cloud. Windows detects the file and calculates its sha256 correctly (verified on Windows 7), but the AMP Connector appears to ignore it.
The file is just a 7z archive. If you extract it, you do get a detection, but it is for another file (a different sha256: 2d21dafcc25a251884a29c07c81e222a19875db266448c4c3339905cce3404d9) which is also malicious.

Conditions:
AMP4E WinConnector.