Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1181
Views
4
Helpful
9
Replies

Multiple Secure Endpoint Alerts

Go to solution
johnmac
Level 1
Level 1

‎04-03-2024 07:51 AM

Hi, in the last few hours our Secure Endpoint has alerted to hundreds of events associated with "Gen:Variant.Jatommy.3.3433". While the files are being quarantined in most cases, i believe this may be a false positive, is anyone else seeing these alerts?

thanks,

6 people had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee
In response to johnmac

‎04-04-2024 04:33 AM

Good morning. Yes, it was determined to be a False Positive. Apologies for the delay on the update, the resolution came after I was out for the day. 

-Matt

View solution in original post

9 Replies 9

Go to solution
Ken Stieers
VIP
VIP

‎04-03-2024 08:04 AM

I haven't yet... what sorts of files is it hitting on?  

0 Helpful

Go to solution
johnmac
Level 1
Level 1
In response to Ken Stieers

‎04-03-2024 08:09 AM

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b2fa8ab4e829625f.customDestinations-ms

0 Helpful

Go to solution
mpdonovan
Level 1
Level 1

‎04-03-2024 09:04 AM

I am seeing the same thing on a smaller scale. I have only gotten a handful of alerts today. At least at this point.

0 Helpful

Go to solution
Alisabeth N
Level 1
Level 1

‎04-03-2024 09:11 AM

I am seeing this happen today as well. All appear to be coming from the parent file msedge.exe. I am seeing two different hashes for this msedge.exe which both are coming up clean.

1d7e81e6a33c0dc5541770b414fb7bc9760141ec9b869dcd9466017292f99d1a

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LUHCRNBMS942Y9B7W95W.temp

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y0FE6QYMR6IZ67O9NC0E.temp

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T6IWKQUHJLDEE9YHH41B.temp

0 Helpful

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎04-03-2024 09:40 AM

TALOS is investigating. 

Go to solution
johnmac
Level 1
Level 1
In response to Matthew Franks

‎04-04-2024 01:41 AM

Hi Matthew, has there been any update from Talos on this?

0 Helpful

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee
In response to johnmac

‎04-04-2024 04:33 AM

Good morning. Yes, it was determined to be a False Positive. Apologies for the delay on the update, the resolution came after I was out for the day. 

-Matt

Go to solution
johnmac
Level 1
Level 1
In response to Matthew Franks

‎04-04-2024 04:39 AM

Great, thanks for that Matthew. 

0 Helpful

Go to solution
tbduff001
Level 1
Level 1

‎04-03-2024 01:04 PM

Does anyone know if this has officially been determined to be a False Positive? 

0 Helpful
Customers Also Viewed These Support Documents