AVG business, definition update triggering block in firepower

Started by Dieselboy, April 17, 2016, 01:16:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Dieselboy

April 17, 2016, 01:16:43 PM
I had a retrospective alert earlier for a download which firepower didn't know about. It sent it to the cloud for analysis and it was found to be malware. All subsequent update attempts have been blocked.
Not sure if this is a false positive as it was sent to the cloud for analysis and came back as malware.
I'll look into it tomorrow but this is interesting. May need to raise a tac or contact AVG but not sure yet until i look into it.

At the moment I'm not sure how or why it's being picked up as malware. Or if this to be expected due to the nature so needs a white list.

Anyone have any experience like this? 

Dieselboy

#1
April 18, 2016, 10:32:06 PM
Cisco have advised me that they have looked into it and it is not malware. So they've marked it as clean.

Yay!

deanwebb

#2
April 19, 2016, 08:36:12 AM
... are they suuuuuuuure?

:problem?:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages1
User actions